KLA11125
Multiple vulnerabilities in Foxit Reader
Updated: 10/31/2017
CVSS
4.1
Detect date
10/21/2017
Severity
Warning
Description

Multiple buffer overflow vulnerabilities have been found in Foxit Reader. Malicious users can exploit these vulnerabilities locally via a specially crafted .xps file to cause a denial of service or execute arbitrary code.


Technical details

These vulnerabilities are related to:

  1. “Data from Faulting Address controls subsequent Write Address starting at frdvpr_drv!DrvQueryDriverInfo+0x000000000002c851.”;
  2. “Data from Faulting Address controls subsequent Write Address starting at msvcrt!memmove+0x0000000000000158.”.

Affected products

Foxit Reader version 8.3.2.25013

Solution

Update to the latest version

Original advisories

CVE-2017-15771
CVE-2017-15770

Impacts

ACE
DoS

Related products

Foxit Reader