Foxit Reader 7.2.8.1124 – ‘.PDF’ Parsing Memory Corruption

• Exploit Database
• 53 阅读

• 作者： Francis Provencher
  日期： 2016-01-26
• 类别：

  • dos
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/39330/

• #####################################################################################
  
  Application: Foxit Reader PDF Parsing Memory Corruption
  
  Platforms: Windows
  
  Versions: 7.2.8.1124 and earlier
  
  Author: Francis Provencher of COSIG
  
  Website: http://www.protekresearchlab.com/
  
  Twitter: @COSIG_
  
  #####################################################################################
  
  1) Introduction
  2) Report Timeline
  3) Technical details
  4) POC
  
  #####################################################################################
  
  ===============
  1) Introduction
  ===============
  
  Foxit Reader is a multilingual freemium PDF tool that can create, view, edit, digitally sign, and print PDF files.[3] Early versions of Foxit Reader were notable for startup performance and small file size.[citation needed] Foxit has been compared favorably toAdobe Reader.[4][5][6] The Windows version allows annotating and saving unfinished PDF forms, FDF import/export, converting to text, highlighting and drawing.
  
  (http://en.wikipedia.org/wiki/Foxit_Reader)
  
  #####################################################################################
  
  ============================
  2) Report Timeline
  ============================
  
  2015-12-18: Francis Provencher from Protek Research Lab’s found the issue;
  2016-01-02: Foxit Security Response Team confirmed the issue;
  2016-01-21: Foxit fixed the issue;
  #####################################################################################
  
  ============================
  3) Technical details
  ============================
  
  This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader.
  
  User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
  
  A specially crafted PDF can force a dangling pointer to be reused after it has been freed. An attacker can leverage this vulnerability
  
  to execute arbitrary code under the context of the current process.
  
  #####################################################################################
  
  ===========
  
  4) POC
  
  ===========
  
  http://protekresearchlab.com/exploits/COSIG-2016-02.pdf
  https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/39330.zip
  
  ###############################################################################