Foxit Products ICC Parsing Integer Overflow Vulnerability Network Vulnerability

Summary

The host is installed with Foxit Products and is prone to integer overflow vulnerability.

Impact

Successful exploitation could allow attackers to crash an affected application or execute arbitrary code by tricking a user into opening a malicious file. Impact Level: System/Application

Solution

Upgrade to the Foxit Reader version 4.3.1.0218 or later. Upgrade to the Foxit Phantom version 2.3.3.1112 or later. For updates refer to http://www.foxitsoftware.com/downloads/index.php

Insight

The flaw is due to an integer overflow error when parsing certain ICC chunks and can be exploited to cause a heap-based buffer overflow via a specially crafted file.

Affected

Foxit Reader version prior to 4.3.1.0218 Foxit Phantom version prior to 2.3.3.1112

References

http://secunia.com/advisories/43329
http://www.vupen.com/english/advisories/2011/0508

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-0332
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Apache mod_proxy content-length buffer overflow
Adobe Reader 'Plug-in' Buffer Overflow Vulnerability (Linux)
Adobe Audition '.ses' Multiple Buffer Overflow Vulnerabilities (Windows)
Becky! Internet Mail Buffer Overflow Vulnerability
Adobe Flash CS3 SWF Processing Buffer Overflow Vulnerabilities

Take action and discover your vulnerabilities