Foxit Reader 5.4.3.0920 Division By Zero local DoS

2012.09.30
Credit: coolkaveh
Risk: Low
Local: Yes
Remote: No
CVE: N/A
CWE: N/A

Title   : Foxit Reader suffers from Division By Zero
Version : 5.4.3.0920
Date    : 2012-09-28
Vendor  : http://www.foxitsoftware.com/
Impact  : Med/High
Contact : coolkaveh [at] rocketmail.com
Twitter : @coolkaveh
Tested  : XP SP3
#####################################################################
Bug :
----
Division by zero vulnerability during the handling of PDF files,
which will trigger a denial of service condition.
#####################################################################
(b34.f24): Integer divide-by-zero - code c0000094 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=ffffffff ebx=00000000 ecx=00000000 edx=00000000 esi=00000000 edi=00000000
eip=00558c8c esp=0012f928 ebp=00000000 iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010246
*** ERROR: Module load completed but symbols could not be loaded for FoxitReader_Lib_Full.exe
FoxitReader_Lib_Full+0x158c8c:
00558c8c f7f7 div eax,edi
0:000> r;!exploitable -v;q
eax=ffffffff ebx=00000000 ecx=00000000 edx=00000000 esi=00000000 edi=00000000
eip=00558c8c esp=0012f928 ebp=00000000 iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010246
FoxitReader_Lib_Full+0x158c8c:
00558c8c f7f7 div eax,edi
HostMachine\HostUser
Executing Processor Architecture is x86
Debuggee is in User Mode
Debuggee is a live user mode debugging session on the local machine
Event Type: Exception
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntdll.dll -
Exception Faulting Address: 0x558c8c
First Chance Exception Type: STATUS_INTEGER_DIVIDE_BY_ZERO (0xC0000094)
Faulting Instruction:00558c8c div eax,edi
Basic Block:
    00558c8c div eax,edi
       Tainted Input Operands: ax, dx, eax, edi
    00558c8e cmp dword ptr [esp+3ch],eax
       Tainted Input Operands: eax
    00558c92 jae foxitreader_lib_full+0x158f06 (00558f06)
       Tainted Input Operands: CarryFlag
Exception Hash (Major/Minor): 0x6461647c.0x64616453
Stack Trace:
FoxitReader_Lib_Full+0x158c8c
Instruction Address: 0x0000000000558c8c
Description: Integer Divide By Zero
Short Description: DivideByZero
Recommended Bug Title: Integer Divide By Zero starting at FoxitReader_Lib_Full+0x0000000000158c8c (Hash=0x6461647c.0x64616453)
#####################################################################

References:

http://seclists.org/fulldisclosure/2012/Sep/att-206/POC_pdf.bin
http://www.foxitsoftware.com/


Copyright 2024, cxsecurity.com

 
