Foxit vulnerability: 4 billion users at risk

2016-07-03T00:00:00
ID MYHACK58:62201676506
Type myhack58
Reporter Anonymous
Modified 2016-07-03T00:00:00

Description

The developers of the popular PDF reader Foxit recently fixed 12 high-risk security vulnerabilities, some of which may lead to remote code execution. The reader has about 4 million users, who consider it the perfect alternative to Adobe Reader. The vendor fixed more than a dozen vulnerabilities in the Windows and Linux versions.

An attacker can exploit these vulnerabilities by tricking a user into opening a malicious PDF file with Foxit Reader or PhantomPDF. As long as a corresponding link is provided, seven of the related vulnerabilities allow an attacker to execute remote code (all seven of which have been fixed). Foxit's public advisory lists six vulnerabilities.

Reader version 8 and PhantomPDF have these vulnerabilities:

• ConvertToPDF TIFF parsing vulnerability, an out-of-bounds write that allows an attacker to execute remote code
• ConvertToPDF BMP parsing vulnerability, an out-of-bounds read that allows an attacker to read private information
• ConvertToPDF GIF parsing vulnerability, an out-of-bounds write that allows an attacker to execute remote code
• JPEG parsing vulnerability, an out-of-bounds read that allows an attacker to read private information
• ConvertToPDF TIFF parsing vulnerability, an out-of-bounds write that allows an attacker to execute remote code
• exportData vulnerability, allows an attacker to bypass permissions and execute remote code
• Security mode vulnerability, allows an attacker to steal information
• FlateDecode vulnerability, allows an attacker to execute remote code
• Mode uninitialized pointer vulnerability, allows an attacker to execute remote code
• FlateDecode vulnerability, allows an attacker to execute remote code
• Exactly the same action stack buffer overflow vulnerability, allows an attacker to execute remote code