Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:4892
HistoryMar 11, 2009 - 12:00 a.m.

Foxit Reader PDF文件处理多个代码执行和绕过授权漏洞

2009-03-1100:00:00
Root
www.seebug.org
102

EPSS

0.623

Percentile

97.9%

JSON

BUGTRAQ ID: 34035
CVE(CAN) ID: CVE-2009-0191,CVE-2009-0836,CVE-2009-0837

Foxit Reader是一款小型的PDF文档查看器和打印程序。

  1. Foxit Reader在处理JBIG2符号字典段时存在错误,特制的PDF文件可能导致引用未经初始化的内存。

  2. 如果PDF文件中定义了Open/Execute a file操作,Foxit Reader可能会未经用户确认便打开或执行PDF文件创建者所定义的文件。

  3. 如果带有超长文件名参数的PDF文件中定义了Open/Execute a file操作,由于未经充分的边界检查便试图将文件名参数拷贝到栈中固定大小的缓冲区,在某些情况下可能会触发栈溢出。

Foxit Foxit Reader 3.0
Foxit Foxit Reader 2.3
厂商补丁:

Foxit

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

<a href=“http://www.foxitsoftware.com/downloads/” target=“_blank”>http://www.foxitsoftware.com/downloads/</a>


                                                http://www.coresecurity.com/files/attachments/CORE-2009-0218-PoC-authorization-bypass.pdf 
http://www.coresecurity.com/files/attachments/CORE-2009-0218-PoC-BOF.pdf

Related

nessus 1
openvas 2
coresecurity 1
cvelist 4
securityvulns 2
prion 4
cve 4
nvd 4
exploitdb 2
canvas 2
checkpoint_advisories 2
metasploit 1
nessus
nessus
Foxit Reader 2.x < 2.3 Build 3902 / 3.x < 3.0 Build 1506 Multiple Vulnerabilities
2009-03-09 00:00:00
openvas
openvas
Foxit Reader Multiple Vulnerabilities Mar-09
2009-03-17 00:00:00
Foxit Reader Multiple Vulnerabilities (Mar 2009)
2009-03-17 00:00:00
coresecurity
coresecurity
Foxit Reader Multiple Vulnerabilities
2009-03-09 00:00:00
cvelist
cvelist
CVE-2009-0191
2009-03-10 20:00:00
CVE-2009-0837
2009-03-10 20:00:00
CVE-2009-0836
2009-03-10 20:00:00
securityvulns
securityvulns
FoxIT Reader multiple security vulnerabilities
2009-03-09 00:00:00
Secunia Research: Foxit Reader JBIG2 Symbol Dictionary Processing Vulnerability
2009-03-09 00:00:00
prion
prion
Memory corruption
2009-03-10 20:30:00
Stack overflow
2009-03-10 20:30:00
Design/Logic Flaw
2009-03-10 20:30:00
cve
cve
CVE-2009-0191
2009-03-10 20:30:06
CVE-2009-0837
2009-03-10 20:30:06
CVE-2009-0836
2009-03-10 20:30:06
nvd
nvd
CVE-2009-0191
2009-03-10 20:30:06
CVE-2009-0837
2009-03-10 20:30:06
CVE-2009-0836
2009-03-10 20:30:06
exploitdb
exploitdb
Foxit Reader 3.0 (Build 1301) - PDF Universal Buffer Overflow
2009-03-13 00:00:00
Foxit Reader 3.0 - Open Execute Action Stack Buffer Overflow (Metasploit)
2012-05-21 00:00:00
canvas
canvas
Immunity Canvas: FOXIT_ACTION
2009-03-10 20:30:00
Immunity Canvas: FOXITLAUNCHIT
2009-03-10 20:30:00
checkpoint_advisories
checkpoint_advisories
Foxit Reader PDF Files Processing Buffer Overflow (CVE-2009-0837)
2014-11-09 00:00:00
Multiple PDF products Launch Action Command Code Execution (APSB10-15; CVE-2009-0836; CVE-2010-1240)
2010-06-30 00:00:00
metasploit
metasploit
Foxit Reader Authorization Bypass
2009-03-29 19:07:28

EPSS

0.623

Percentile

97.9%

JSON
Related for SSV:4892
nessus1openvas2coresecurity1cvelist4securityvulns2prion4cve4nvd4exploitdb2canvas2checkpoint_advisories2metasploit1