Aerosol Posted March 11, 2015 Report Posted March 11, 2015 #####################################################################################Application: Foxit Products GIF Conversion Memory Corruption Vulnerabilities (DataSubBlock)Platforms: WindowsVersions: The vulnerability is confirmed in version Foxit Reader 7.x. Other versions may also be affected.Secunia: SA63346{PRL}: 2015-02Author: Francis Provencher (Protek Research Lab’s)Website: http://www.protekresearchlab.com/Twitter: @protekResearch#####################################################################################1) Introduction2) Report Timeline3) Technical details4) POC#####################################################################################===============1) Introduction===============Foxit Reader is a multilingual freemium PDF tool that can create, view, edit, digitally sign, and print PDF files.[3] Early versions of Foxit Reader were notable for startup performance and small file size.[citation needed] Foxit has been compared favorably toAdobe Reader.[4][5][6] The Windows version allows annotating and saving unfinished PDF forms, FDF import/export, converting to text, highlighting and drawing.([url]http://en.wikipedia.org/wiki/Foxit_Reader[/url])#####################################################################################============================2) Report Timeline============================2015-01-22: Francis Provencher from Protek Research Lab’s found the issue;2015-01-28: Foxit Security Response Team confirmed the issue;2015-01-28: Foxit fixed the issue;2015-03-09: Foxit released fixed version of Foxit Reader 7.1/Foxit Enterprise Reader 7.1/Foxit PhantomPDF7.1.#####################################################################################============================3) Technical details============================An error when handling the Size member of a GIF DataSubBlock data structure can be exploited to cause memory corruption via a specially crafted GIF file.#####################################################################################===========4) POC===========[url]http://protekresearchlab.com/exploits/PRL-2015-02.gif[/url][url]http://www.exploit-db.com/sploits/36335.gif[/url]###############################################################################Source Quote