Multiple vulnerabilities in Foxit Reader

Description

Multiple buffer overflow vulnerabilities have been found in Foxit Reader. Malicious users can exploit these vulnerabilities locally via specially designed .xps file to cause a denial of service or execute arbitrary code.

---

Technical details

This vulnerabilities are related to:

1. “Data from Faulting Address controls subsequent Write Address starting at frdvpr_drv!DrvQueryDriverInfo+0x000000000002c851.”;
2. “Data from Faulting Address controls subsequent Write Address starting at msvcrt!memmove+0x0000000000000158.”.

Original advisories

• CVE-2017-15771

• CVE-2017-15770

Related products

• Foxit-Reader

CVE list

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com