Description
Multiple serious vulnerabilities have been found in Foxit Reader. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code or obtain sensitive information.
Below is a complete list of vulnerabilities
- Heap corruption at thumbnail shell extension plugin can be exploited remotely to cause denial of service via a specially designed PDF document;
- Multiple out of bounds read/write vulnerabilities can be exploited remotely to execute arbitrary code via a specially designed PDF document;
- Out of bounds read at ConvertToPDF plugin can be exploited remotely to cause denial of service via a specially designed TIFF image.
Technical details
Vulnerability (1) related to FoxitThumbnailHndlr_x86.dll and can be exploited via a specially designed JPEG2000 image embedded in a PDF document.
Vulnerabilities under point (2):
– can be triggered when gflags app is enabled and can be exploited via a specially designed BMP or TIFF image embedded in the XFA stream in a PDF document.
– can be exploited via a specially designed JPEG2000 image embedded in a PDF document.
Vulnerability (3) can be triggered when gflags app is enabled.
Original advisories
Related products
CVE list
- CVE-2016-8879 warning
- CVE-2016-8878 high
- CVE-2016-8877 high
- CVE-2016-8876 high
- CVE-2016-8875 warning
Read more
Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com