Описание
Foxit PDF Reader before 4.2.0.0928 does not properly bound-check the /Title entry in the PDF Info dictionary. A specially crafted PDF with an overlong Title string can overflow a fixed-size stack buffer, corrupt the Structured Exception Handler (SEH) chain, and lead to arbitrary code execution in the context of the user who opens the file.
Foxit PDF Reader before 4.2.0.0928 does not properly bound-check the /Title entry in the PDF Info dictionary. A specially crafted PDF with an overlong Title string can overflow a fixed-size stack buffer, corrupt the Structured Exception Handler (SEH) chain, and lead to arbitrary code execution in the context of the user who opens the file.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2010-20010
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/foxit_title_bof.rb
- https://www.exploit-db.com/exploits/15514
- https://www.exploit-db.com/exploits/15532
- https://www.exploit-db.com/exploits/16621
- https://www.foxit.com/pdf-reader/version-history.html
- https://www.vulncheck.com/advisories/foxit-pdf-reader-title-stack-buffer-overflow
Связанные уязвимости
Foxit PDF Reader before 4.2.0.0928 does not properly bound-check the /Title entry in the PDF Info dictionary. A specially crafted PDF with an overlong Title string can overflow a fixed-size stack buffer, corrupt the Structured Exception Handler (SEH) chain, and lead to arbitrary code execution in the context of the user who opens the file.