KLA10797 Multiple vulnerabilities in Foxit Reader

Multiple vulnerabilities have been found in Foxit Reader and Foxit PhantomPDF. Malicious users can exploit these vulnerabilities to execute arbitrary code or cause denial of service.

Below is a complete list of vulnerabilities

1. An unknown vulnerability in ConvertToPDF plugin can be exploited remotely via specially crafted image to cause a denial of service.
2. An unknown vulnerability in XFA forms handling functionality can be exploited remotely via crafted remerge call to execute arbitrary code.
3. An unknown vulnerability can be exploited remotely via specially crafted PDF document to execute arbitrary code.
4. Improper reports format can be exploited remotely via crafted PDF to cause denial of service.
5. An unknown vulnerability can be exploited remotely via crafted content stream to cause denial of service.
6. An unknown vulnerability can be exploited remotely via crafted PDF document to execute arbitrary code.

Technical details

To exploit vulnerability (1) attacker has to use crafted JPEG, GIF or BMP image.

Vulnerability (3) can be exploited through the object with a revision number of -1 in a PDF document.

Vulnerability (6) can be exploited via a crafted FlateDecode stream in a PDF document.

Original advisories

Related products

Foxit-Reader

Foxit-Phantom-PDF

CVE list

CVE-2016-4065 high

CVE-2016-4063 high

CVE-2016-4064 high

CVE-2016-4061 warning

CVE-2016-4062 warning

CVE-2016-4059 high

CVE-2016-4060 warning

Solution

Update to the latest version

Get Foxit software

Impacts

• ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

• DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

Affected Products

• Foxit Reader versions earlier than 7.3.4Foxit PhantomPDF versions earlier than 7.3.4