Foxit Reader 5.4.3.x < 5.4.5.0124 - PDF XREF Parsing Denial of Service

  • Author: FuzzMyApp
    Date: 2013-04-18
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/24962/
  • # Exploit Title: Foxit Reader 5.4.3.* - 5.4.5.0124 - PDF (Portable Document Format) XREF (Cross Reference Table) parsing Denial of Service Vulnerability
    # Date (found): 2012.11.17
    # Date (publish): 2013.04.17
    # Exploit Author: FuzzMyApp
    # Vendor Homepage: http://www.foxitsoftware.com
    # Version: 5.4.3.* - 5.4.5.0124 (till latest)
    # Tested on: Windows XP SP3 Professional Edition
    
    Name: PDF Cross Reference Table parsing Denial of Service vulnerability.
    Type: DoS
    Description: Foxit Reader does not properly validate data in the PDF Cross Reference Table (XREF) header. Tampering with the XREF header may lead to an integer division by zero exception while the application parses it. The exception is raised but not handled, which causes a Denial of Service of Foxit Reader. The vendor was notified on 2013.02.21 but has not responded to this submission. This issue is present in the latest version of the application available at the time of writing.
    Exception: Integer division by zero exception.
    Disasm:
    0055EB70 |> \33C0           | XOR EAX,EAX
    0055EB72 |>  8B28           | MOV EBP,DWORD PTR DS:[EAX]
    0055EB74 |.  896C24 64      | MOV DWORD PTR SS:[ESP+64],EBP
    0055EB78 |.  8D3C2E         | LEA EDI,DWORD PTR DS:[ESI+EBP]
    0055EB7B |.  3BFE           | CMP EDI,ESI
    0055EB7D |.  897C24 20      | MOV DWORD PTR SS:[ESP+20],EDI
    0055EB81 |.  0F82 7F020000  | JB Foxit_Re.0055EE06
    0055EB87 |.  83C8 FF        | OR EAX,FFFFFFFF
    0055EB8A |.  33D2           | XOR EDX,EDX
    0055EB8C |.  F7F7           | DIV EDI ;[www.FuzzMyApp.com] Integer division by zero exception
    0055EB8E |.  394424 3C      | CMP DWORD PTR SS:[ESP+3C],EAX
    0055EB92 |.  0F83 6E020000  | JNB Foxit_Re.0055EE06
    
    Advisory: http://www.fuzzmyapp.com/advisories/FMA-2012-042/FMA-2012-042-EN.xml
    
    Exploit PoC: http://fuzzmyapp.com/advisories/FMA-2012-042/FMA-2012-042.pdf
     https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/24962.pdf
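
The guard visible in the disassembly above (a wrap check on ESI+EBP, then 0xFFFFFFFF / EDI compared against [ESP+3C]), rewritten in C beside a version that rejects a zero divisor before dividing. This is an added example, not code from Foxit or from the advisory; the names base, extra and count, and the assumption that the guard protects a later count * (base + extra) multiplication, are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names: base = ESI, extra = EBP, count = [ESP+3C]. */

/* Replays the checks that precede DIV EDI in the listing and reports whether
   they let a zero divisor through (the DIV itself is not executed here). */
bool listing_guard_reaches_div_with_zero(uint32_t base, uint32_t extra)
{
    uint32_t sum = base + extra;   /* LEA EDI,[ESI+EBP] */
    if (sum < base)                /* CMP EDI,ESI / JB: catches wrap only */
        return false;
    return sum == 0;               /* no test for zero before DIV EDI */
}

/* Hardened form: same bounds, plus an explicit zero check before dividing.
   Assumption: the guard exists to protect count * (base + extra). */
bool checked_total(uint32_t base, uint32_t extra, uint32_t count,
                   uint32_t *total)
{
    uint32_t sum = base + extra;
    if (sum < base)                      /* addition wrapped */
        return false;
    if (sum == 0)                        /* would fault in the division */
        return false;
    if (count >= UINT32_MAX / sum)       /* CMP [ESP+3C],EAX / JNB */
        return false;
    *total = count * sum;
    return true;
}

int main(void)
{
    uint32_t total = 0;
    printf("listing guard passes 0+0 to DIV: %d\n",
           listing_guard_reaches_div_with_zero(0, 0));
    printf("hardened rejects 0+0: %d\n", !checked_total(0, 0, 5, &total));
    if (checked_total(2, 2, 10, &total))
        printf("(2+2) x 10 = %u\n", (unsigned)total);
    return 0;
}
```

A sum that wraps to zero (for example 1 + 0xFFFFFFFF) is already rejected by the wrap check; only two zero inputs reach the division, which is why the explicit zero test is the missing piece.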