Jump to content
Aerosol

Foxit Products GIF Conversion Memory Corruption (DataSubBlock)

Recommended Posts

Posted

#####################################################################################

Application: Foxit Products GIF Conversion Memory Corruption Vulnerabilities (DataSubBlock)

Platforms: Windows

Versions: The vulnerability is confirmed in version Foxit Reader 7.x. Other versions may also be affected.

Secunia: SA63346

{PRL}: 2015-02

Author: Francis Provencher (Protek Research Lab’s)

Website: http://www.protekresearchlab.com/

Twitter: @protekResearch

#####################################################################################

1) Introduction
2) Report Timeline
3) Technical details
4) POC

#####################################################################################

===============
1) Introduction
===============



Foxit Reader is a multilingual freemium PDF tool that can create, view, edit, digitally sign, and print PDF files.[3] Early versions of Foxit Reader were notable for startup performance and small file size.[citation needed] Foxit has been compared favorably toAdobe Reader.[4][5][6] The Windows version allows annotating and saving unfinished PDF forms, FDF import/export, converting to text, highlighting and drawing.

([url]http://en.wikipedia.org/wiki/Foxit_Reader[/url])

#####################################################################################

============================
2) Report Timeline
============================

2015-01-22: Francis Provencher from Protek Research Lab’s found the issue;
2015-01-28: Foxit Security Response Team confirmed the issue;
2015-01-28: Foxit fixed the issue;
2015-03-09: Foxit released fixed version of Foxit Reader 7.1/Foxit Enterprise Reader 7.1/Foxit PhantomPDF7.1.

#####################################################################################

============================
3) Technical details
============================

An error when handling the Size member of a GIF DataSubBlock data structure can be exploited to cause memory corruption via a specially crafted GIF file.

#####################################################################################

===========

4) POC

===========

[url]http://protekresearchlab.com/exploits/PRL-2015-02.gif[/url]
[url]http://www.exploit-db.com/sploits/36335.gif[/url]

###############################################################################

Source

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...