Foxit Reader Freetype Engine Integer Overflow Vulnerability Network Vulnerability

Summary

The host is installed with Foxit Reader and is prone to integer overflow vulnerability.

Impact

Successful exploitation will let attacker execute arbitrary code or crash an affected application or gain the same user rights as the logged-on user. Impact Level: System/Application

Solution

Upgrade to Foxit Reader version 4.0.0.0619 or later. For updates refer to http://www.foxitsoftware.com/downloads/

Insight

The flaw is due to an error in FreeType engine when handling certain invalid font type, which allows attackers to execute arbitrary code.

Affected

Foxit Reader version prior to 4.0.0.0619

References

http://www.foxitsoftware.com/products/reader/security_bulletins.php#freetype
http://www.microsoft.com/technet/security/advisory/msvr11-005.mspx
http://xforce.iss.net/xforce/xfdb/68145

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-1908
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Apple iTunes 'itms:' URI Stack Buffer Overflow Vulnerability
BSPlayer Stack Overflow Vulnerability SRT
CCProxy CONNECTION Request Buffer Overflow Vulnerability
Dell Webcam 'crazytalk4.ocx' ActiveX Multiple BOF Vulnerabilities
Alpine tmail and dmail Buffer Overflow Vulnerabilities (Win)

Take action and discover your vulnerabilities