Aerosol

Foxit Products GIF Conversion Memory Corruption (DataSubBlock)


#####################################################################################

Application: Foxit Products GIF Conversion Memory Corruption Vulnerabilities (DataSubBlock)

Platforms: Windows

Versions: The vulnerability is confirmed in version Foxit Reader 7.x. Other versions may also be affected.

Secunia: SA63346

{PRL}: 2015-02

Author: Francis Provencher (Protek Research Lab’s)

Website: http://www.protekresearchlab.com/

Twitter: @protekResearch

#####################################################################################

1) Introduction
2) Report Timeline
3) Technical details
4) POC

#####################################################################################

===============
1) Introduction
===============



Foxit Reader is a multilingual freemium PDF tool that can create, view, edit, digitally sign, and print PDF files. Early versions of Foxit Reader were notable for startup performance and small file size. Foxit has been compared favorably to Adobe Reader. The Windows version allows annotating and saving unfinished PDF forms, FDF import/export, converting to text, highlighting and drawing.

(http://en.wikipedia.org/wiki/Foxit_Reader)

#####################################################################################

============================
2) Report Timeline
============================

2015-01-22: Francis Provencher from Protek Research Lab’s found the issue;
2015-01-28: Foxit Security Response Team confirmed the issue;
2015-01-28: Foxit fixed the issue;
2015-03-09: Foxit released fixed version of Foxit Reader 7.1/Foxit Enterprise Reader 7.1/Foxit PhantomPDF 7.1.

#####################################################################################

============================
3) Technical details
============================

An error when handling the Size member of a GIF DataSubBlock data structure can be exploited to cause memory corruption via a specially crafted GIF file.

#####################################################################################

======
4) POC
======

http://protekresearchlab.com/exploits/PRL-2015-02.gif
http://www.exploit-db.com/sploits/36335.gif

###############################################################################
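
Added example, not part of the advisory and not Foxit's code: the advisory does not say how the Size member was mishandled, so this only shows the two bounds checks a parser needs when it walks GIF89a data sub-blocks (one Size byte, then Size data bytes, chain ended by a zero Size). The function name, result codes and sample bytes are made up for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Result codes for the walker (illustrative names). */
enum { SB_OK = 0, SB_TRUNCATED = -1, SB_OUT_FULL = -2 };

/* Walk a chain of GIF data sub-blocks starting at buf[*off].
 * Each sub-block is one Size byte (1..255) followed by Size data bytes;
 * a Size byte of 0 terminates the chain. Payload is concatenated into
 * out[0..out_cap). *off and *out_len are only updated on success. */
int gif_read_sub_blocks(const uint8_t *buf, size_t len, size_t *off,
                        uint8_t *out, size_t out_cap, size_t *out_len)
{
    size_t pos = *off, written = 0;
    for (;;) {
        if (pos >= len)
            return SB_TRUNCATED;          /* no Size byte left to read */
        size_t size = buf[pos++];
        if (size == 0)
            break;                        /* block terminator */
        if (size > len - pos)
            return SB_TRUNCATED;          /* Size claims more than the input holds */
        if (size > out_cap - written)
            return SB_OUT_FULL;           /* copy would overrun the destination */
        memcpy(out + written, buf + pos, size);
        written += size;
        pos += size;
    }
    *off = pos;
    *out_len = written;
    return SB_OK;
}

int main(void)
{
    /* Constructed samples, not taken from the PoC file. */
    const uint8_t good[] = { 3, 'a', 'b', 'c', 2, 'd', 'e', 0 };
    const uint8_t bad[]  = { 3, 'a', 'b', 'c', 200, 'd', 'e', 0 };
    uint8_t out[16];
    size_t off = 0, n = 0;
    printf("good: %d\n", gif_read_sub_blocks(good, sizeof good, &off, out, sizeof out, &n));
    off = 0;
    printf("bad:  %d\n", gif_read_sub_blocks(bad, sizeof bad, &off, out, sizeof out, &n));
    return 0;
}
```

A file that fails either check should be rejected as malformed rather than partially decoded.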
