Foxit Products GIF Conversion – ‘LZWMinimumCodeSize’ Memory Corruption

• Exploit Database
• 18 阅读

• 作者： Francis Provencher
  日期： 2015-03-11
• 类别：

  • dos
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/36334/

• #####################################################################################
  
  Application: Foxit Products GIF Conversion Memory Corruption Vulnerabilities (LZWMinimumCodeSize)
  
  Platforms: Windows
  
  Versions: The vulnerability is confirmed in version Foxit Reader 7.x. Other versions may also be affected.
  
  Secunia: SA63346
  
  {PRL}: 2015-01
  
  Author: Francis Provencher (Protek Research Lab’s)
  
  Website: http://www.protekresearchlab.com/
  
  Twitter: @ProtekResearch
  
  #####################################################################################
  
  1) Introduction
  2) Report Timeline
  3) Technical details
  4) POC
  
  #####################################################################################
  
  ===============
  1) Introduction
  ===============
  
   
  
  Foxit Reader is a multilingual freemium PDF tool that can create, view, edit, digitally sign, and print PDF files.[3] Early versions of Foxit Reader were notable for startup performance and small file size.[citation needed] Foxit has been compared favorably toAdobe Reader.[4][5][6] The Windows version allows annotating and saving unfinished PDF forms, FDF import/export, converting to text, highlighting and drawing.
  
  (http://en.wikipedia.org/wiki/Foxit_Reader)
  
  #####################################################################################
  
  ============================
  2) Report Timeline
  ============================
  
  2015-02-17: Francis Provencher from Protek Research Lab’s found the issue;
  2015-02-21: Foxit Security Response Team confirmed the issue;
  2015-02-21: Foxit fixed the issue;
  2015-03-09: Foxit released fixed version of Foxit Reader 7.1/Foxit Enterprise Reader 7.1/Foxit PhantomPDF7.1.
  
  #####################################################################################
  
  ============================
  3) Technical details
  ============================
  
  An error when handling LZWMinimumCodeSize can be exploited to cause memory corruption via a specially crafted GIF file.
  
  #####################################################################################
  
  ===========
  
  4) POC
  
  ===========
  
  http://protekresearchlab.com/exploits/PRL-2015-01.gif
  https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/36334.gif
  
  
  ###############################################################################