Foxit Reader 5.4.3.*/5.4.5.0124 PDF XREF Denial of Service

2013.04.19
Credit: FuzzMyApp
Risk: Low
Local: Yes
Remote: No
CVE: N/A
CWE: N/A

# Exploit Title: Foxit Reader 5.4.3.* - 5.4.5.0124 - PDF (Portable Document Format) XREF (Cross Reference Table) parsing Denial of Service Vulnerability
# Date (found): 2012.11.17
# Date (publish): 2013.04.17
# Exploit Author: FuzzMyApp
# Vendor Homepage: http://www.foxitsoftware.com
# Version: 5.4.3.* - 5.4.5.0124 (till latest)
# Tested on: Windows XP SP3 Professional Edition

Name: PDF Cross Reference Table parsing Denial of Service vulnerability.

Type: DoS

Description: Foxit Reader does not properly validate data in the PDF Cross Reference Table (XREF) header. Tampering with the XREF header may lead to an integer division by zero exception while the application parses it. The exception is raised but not handled, which causes a Denial of Service of Foxit Reader. The vendor was notified on 2013.02.21 but has not responded to this submission. This issue is present in the latest version of the application available at the time of writing.

Exception: Integer division by zero exception.

Disasm:
0055EB70 |> \33C0          |XOR EAX,EAX
0055EB72 |> 8B28           |MOV EBP,DWORD PTR DS:[EAX]
0055EB74 |. 896C24 64      |MOV DWORD PTR SS:[ESP+64],EBP
0055EB78 |. 8D3C2E         |LEA EDI,DWORD PTR DS:[ESI+EBP]
0055EB7B |. 3BFE           |CMP EDI,ESI
0055EB7D |. 897C24 20      |MOV DWORD PTR SS:[ESP+20],EDI
0055EB81 |. 0F82 7F020000  |JB Foxit_Re.0055EE06
0055EB87 |. 83C8 FF        |OR EAX,FFFFFFFF
0055EB8A |. 33D2           |XOR EDX,EDX
0055EB8C |. F7F7           |DIV EDI ; [www.FuzzMyApp.com] Integer division by zero exception
0055EB8E |. 394424 3C      |CMP DWORD PTR SS:[ESP+3C],EAX
0055EB92 |. 0F83 6E020000  |JNB Foxit_Re.0055EE06

Advisory: http://www.fuzzmyapp.com/advisories/FMA-2012-042/FMA-2012-042-EN.xml
Exploit PoC: http://fuzzmyapp.com/advisories/FMA-2012-042/FMA-2012-042.pdf

References:

http://fuzzmyapp.com/advisories/FMA-2012-042/FMA-2012-042.pdf
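The bounds-check pattern visible in the disassembly above, reconstructed in C as an added example; it is not Foxit's source code and not part of the original advisory. The function names and the register-to-variable mapping (a = ESI, b = EBP, count = [ESP+3C]) are assumptions. It shows that the wraparound guard before DIV filters every zero sum except 0 + 0, and gives a hardened form that rejects a zero divisor.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Same shape as the disassembled sequence (names are assumptions). */
bool fits_unchecked(uint32_t a, uint32_t b, uint32_t count)
{
    uint32_t width = a + b;            /* LEA EDI,[ESI+EBP]              */
    if (width < a)                     /* CMP EDI,ESI / JB: wrap guard   */
        return false;
    return count < UINT32_MAX / width; /* DIV EDI: traps when width == 0 */
}

/* Hardened form: a zero divisor is treated as malformed input. */
bool fits_checked(uint32_t a, uint32_t b, uint32_t count)
{
    uint32_t width = a + b;
    if (width < a || width == 0)
        return false;
    return count < UINT32_MAX / width;
}

/* True when the unchecked sequence would reach DIV with a zero divisor.
 * A sum that wraps to 0 is caught by the wrap guard, so only 0 + 0 gets through. */
bool unchecked_would_trap(uint32_t a, uint32_t b)
{
    uint32_t width = a + b;
    return width >= a && width == 0;
}

int main(void)
{
    /* Constructed sample inputs, not values taken from the PoC file. */
    const uint32_t cases[][2] = { {4, 4}, {1, 0xFFFFFFFFu}, {0, 0} };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        uint32_t a = cases[i][0], b = cases[i][1];
        printf("a=%u b=%u unchecked_would_trap=%d checked_accepts=%d\n",
               (unsigned)a, (unsigned)b,
               unchecked_would_trap(a, b), fits_checked(a, b, 100));
    }
    return 0;
}
```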

