Vulnerability CVE-2011-0332


Published: 2011-02-25   Modified: 2012-02-13

Description:
Integer overflow in Foxit Reader before 4.3.1.0218 and Foxit Phantom before 2.3.3.1112 allows remote attackers to execute arbitrary code via crafted ICC chunks in a PDF file, which triggers a heap-based buffer overflow.

Vendor: Foxitsoftware
Product: Reader
Version: 4.3, 4.1.1, 4.0, 3.3.1, 3.2.1, 3.2, 3.1.4, 3.1.3, 3.1.1, 3.1, 3.0, 2.3, 2.2, 2.0
Product: Foxit reader
Version: 4.3, 4.1.1, 4.0, 3.3.1, 3.2.1, 3.2, 3.1.4, 3.1.3, 3.1.1, 3.1, 3.0, 2.3, 2.2, 2.0
Product: Foxit phantom
Version: 2.3, 2.2.4, 2.2.3, 2.2.1, 2.2, 2.1.1, 2.1, 2.0, 1.0.2
Product: Phantom
Version: 2.3, 2.2.4, 2.2.3, 2.2.1, 2.2, 2.1.1, 2.1, 2.0, 1.0.2

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score: 9.3/10
Impact Subscore: 10/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

References:
http://www.foxitsoftware.com/pdf/reader/security_bulletins.php#memory
http://www.securitytracker.com/id?1025129
http://www.vupen.com/english/advisories/2011/0508

Related CVE
CVE-2019-5007
An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on Windows. It is an Out-of-Bounds Read Information Disclosure and crash due to a NULL pointer dereference when reading TIFF data during TIFF parsing.
CVE-2019-5006
An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on Windows. It is a NULL pointer dereference during PDF parsing.
CVE-2019-5005
An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on Windows. They allowed Denial of Service (application crash) via image data, because two bytes are written to the end of the allocated memory without judging whether this will cause ...
CVE-2018-19390
FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (Break instruction exception and application crash) via TIFF data because of a ConvertToPDF_x86!ConnectedPDF::ConnectedPDFSDK::FCP_SendEmailNotification ...
CVE-2018-19389
FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (Break instruction exception and application crash) via BMP data because of a ConvertToPDF_x86!ConnectedPDF::ConnectedPDFSDK::FCP_SendEmailNotification i...
CVE-2018-19388
FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read, access violation, and application crash) via TIFF data because of a ConvertToPDF_x86!ReleaseFXURLToHtml issue.
CVE-2018-19348
The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Data from ...
CVE-2018-19347
The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Data from ...

Copyright 2019, cxsecurity.com

 
