Vulnerability CVE-2011-0332


Published: 2011-02-25   Modified: 2012-02-13

Description:
Integer overflow in Foxit Reader before 4.3.1.0218 and Foxit Phantom before 2.3.3.1112 allows remote attackers to execute arbitrary code via crafted ICC chunks in a PDF file, which triggers a heap-based buffer overflow.

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9.3/10
10/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Foxitsoftware -> Phantom 
Foxitsoftware -> Reader 
Foxitsoftware -> Foxit phantom 
Foxitsoftware -> Foxit reader 

 References:
http://www.foxitsoftware.com/pdf/reader/security_bulletins.php#memory
http://www.securitytracker.com/id?1025129
http://www.vupen.com/english/advisories/2011/0508

Copyright 2024, cxsecurity.com

 

Back to Top