KLA10948
Denial of service and code execution vulnerability in Foxit Reader and Foxit PhantomPDF
Обновлено: 17/06/2019
Дата обнаружения
23/01/2017
Уровень угрозы
High
Описание

Out-of bounds read vulnerability was found in the ConvertToPDF plugin in Foxit Reader and PhantomPDF. By exploiting this vulnerability malicious users can cause a denial of service, possibly obtain sensitive information or execute arbitrary code in the context of the current process. This vulnerability can be exploited remotely via a specially designed JPEG image.


Technical details

Vulnerability can be executed only if gflags app is enabled.

Пораженные продукты

Foxit Reader before 8.2
Foxit PhantomPDF before 8.2

Решение

Update to the latest versions
Download Foxit PhantomPDF
Download Foxit Reader

Первичный источник обнаружения
Foxit Security bulletins
Оказываемое влияние
?
ACE 
[?]

OSI 
[?]

DoS 
[?]
Связанные продукты
Foxit Reader
Foxit Phantom PDF
CVE-IDS