Search...

Foxit Products ICC Parsing Integer Overflow Vulnerability

2011-03-04T00:00:00

ID OPENVAS:1361412562310801752
Type openvas
Reporter Copyright (c) 2011 Greenbone Networks GmbH
Modified 2018-06-08T00:00:00

Description

The host is installed with Foxit Products and is prone to integer overflow vulnerability.

                                        
                                            ###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_foxit_prdts_int_overflow_vuln.nasl 10140 2018-06-08 12:58:24Z asteins $
#
# Foxit Products ICC Parsing Integer Overflow Vulnerability
#
# Authors:
# Madhuri D &lt;dmadhuri@secpod.com&gt;
#
# Copyright:
# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.801752");
  script_version("$Revision: 10140 $");
  script_tag(name:"last_modification", value:"$Date: 2018-06-08 14:58:24 +0200 (Fri, 08 Jun 2018) $");
  script_tag(name:"creation_date", value:"2011-03-04 14:32:35 +0100 (Fri, 04 Mar 2011)");
  script_cve_id("CVE-2011-0332");
  script_tag(name:"cvss_base", value:"9.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_name("Foxit Products ICC Parsing Integer Overflow Vulnerability");
  script_xref(name : "URL" , value : "http://secunia.com/advisories/43329");
  script_xref(name : "URL" , value : "http://www.vupen.com/english/advisories/2011/0508");

  script_tag(name:"qod_type", value:"executable_version");
  script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
  script_category(ACT_GATHER_INFO);
  script_family("Buffer overflow");
  script_dependencies("gb_foxit_reader_detect_portable_win.nasl", "gb_foxit_phantom_detect.nasl");
  script_mandatory_keys("Foxit/Phantom_or_Reader/Installed");
  script_tag(name : "impact" , value : "Successful exploitation could allow attackers to crash an affected
  application or execute arbitrary code by tricking a user into opening a
  malicious file.
  Impact Level: System/Application");
  script_tag(name : "affected" , value : "Foxit Reader version prior to 4.3.1.0218
  Foxit Phantom version prior to 2.3.3.1112");
  script_tag(name : "insight" , value : "The flaw is due to an integer overflow error when parsing certain ICC
  chunks and can be exploited to cause a heap-based buffer overflow via a
  specially crafted file.");
  script_tag(name : "solution" , value : "Upgrade to the Foxit Reader version 4.3.1.0218 or later.
  Upgrade to the Foxit Phantom version 2.3.3.1112 or later.
  For updates refer to http://www.foxitsoftware.com/downloads/index.php");
  script_tag(name : "solution_type" , value : "VendorFix");
  script_tag(name : "summary" , value : "The host is installed with Foxit Products and is prone to integer
  overflow vulnerability.");
  exit(0);
}


include("version_func.inc");

foxitVer = get_kb_item("Foxit/Reader/Ver");
if(foxitVer)
{
  if(version_is_less(version:foxitVer, test_version:"4.3.1.0218"))
  {
    security_message( port: 0, data: "The target host was found to be vulnerable" );
    exit(0);
  }
}

foxVer = get_kb_item("Foxit/Phantom/Ver");
if(!foxVer){
  exit(0);
}

if(version_is_less(version:foxVer, test_version:"2.3.3.1112")){
  security_message( port: 0, data: "The target host was found to be vulnerable" );
  exit(0);
}

exit(99);

JSON Vulners Source

Initial Source

{"id": "OPENVAS:1361412562310801752", "bulletinFamily": "scanner", "title": "Foxit Products ICC Parsing Integer Overflow Vulnerability", "description": "The host is installed with Foxit Products and is prone to integer\n overflow vulnerability.", "published": "2011-03-04T00:00:00", "modified": "2018-06-08T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310801752", "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "references": ["http://www.vupen.com/english/advisories/2011/0508", "http://secunia.com/advisories/43329"], "cvelist": ["CVE-2011-0332"], "type": "openvas", "lastseen": "2018-06-08T19:26:35", "history": [{"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2011-0332"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "The host is installed with Foxit Products and is prone to integer\n overflow vulnerability.", "edition": 1, "enchantments": {"score": {"value": 9.3, "vector": "NONE"}}, "hash": "219e3473b5f1574e86bf115e7abdf730ce6c408470ffa36a25a320af2389c8c7", "hashmap": [{"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "5b3e78bf2118fdcf240d0771f3c6039e", "key": "reporter"}, {"hash": "7dea6de90fdda5e31264bd9b89565b8c", "key": "description"}, {"hash": "d64cbb4cd372c9149f8e169a86b28631", "key": "references"}, {"hash": "0e261ad6c9619556a2170952c0154efd", "key": "published"}, {"hash": "b6d6c7cf8fb9a1904130fa96f453a68f", "key": "pluginID"}, {"hash": "b71a4f1f6034984fb92c1e4666f090e3", "key": "href"}, {"hash": "b9cc6a9f33ec12abd4e976263afc3918", "key": "naslFamily"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "669578dff97c16a0f41051692e23b8aa", "key": "modified"}, {"hash": "55dab5385ca1b493b81e6ed993c7d331", "key": "cvelist"}, {"hash": "cb413ec2fd32973b860aa952ebb3020a", "key": "title"}, {"hash": "91eb8ee4964dede5cda513defbd7a8ea", "key": "sourceData"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310801752", "id": "OPENVAS:1361412562310801752", "lastseen": "2017-07-19T10:54:45", "modified": "2017-07-04T00:00:00", "naslFamily": "Buffer overflow", "objectVersion": "1.3", "pluginID": "1361412562310801752", "published": "2011-03-04T00:00:00", "references": ["http://www.vupen.com/english/advisories/2011/0508", "http://secunia.com/advisories/43329"], "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_foxit_prdts_int_overflow_vuln.nasl 6515 2017-07-04 11:54:15Z cfischer $\n#\n# Foxit Products ICC Parsing Integer Overflow Vulnerability\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation could allow attackers to crash an affected\n application or execute arbitrary code by tricking a user into opening a\n malicious file.\n Impact Level: System/Application\";\ntag_affected = \"Foxit Reader version prior to 4.3.1.0218\n Foxit Phantom version prior to 2.3.3.1112\";\ntag_insight = \"The flaw is due to an integer overflow error when parsing certain ICC\n chunks and can be exploited to cause a heap-based buffer overflow via a\n specially crafted file.\";\ntag_solution = \"Upgrade to the Foxit Reader version 4.3.1.0218 or later.\n Upgrade to the Foxit Phantom version 2.3.3.1112 or later.\n For updates refer to http://www.foxitsoftware.com/downloads/index.php\";\ntag_summary = \"The host is installed with Foxit Products and is prone to integer\n overflow vulnerability.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.801752\");\n script_version(\"$Revision: 6515 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-04 13:54:15 +0200 (Tue, 04 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-03-04 14:32:35 +0100 (Fri, 04 Mar 2011)\");\n script_cve_id(\"CVE-2011-0332\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Foxit Products ICC Parsing Integer Overflow Vulnerability\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/43329\");\n script_xref(name : \"URL\" , value : \"http://www.vupen.com/english/advisories/2011/0508\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Buffer overflow\");\n script_dependencies(\"gb_foxit_reader_detect.nasl\", \"gb_foxit_phantom_detect.nasl\");\n script_mandatory_keys(\"Foxit/Phantom_or_Reader/Installed\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n## Get the version Foxit Reader from KB\nfoxitVer = get_kb_item(\"Foxit/Reader/Ver\");\nif(foxitVer)\n{\n ## Check for Foxit Reader Version less than 4.3.1.0218\n if(version_is_less(version:foxitVer, test_version:\"4.3.1.0218\"))\n {\n security_message(0);\n exit(0);\n }\n}\n\n## Get the Foxit Phantom version from KB\nfoxVer = get_kb_item(\"Foxit/Phantom/Ver\");\nif(!foxVer){\n exit(0);\n}\n\n## Check for Foxit Phantom version less than 2.3.3.1112\nif(version_is_less(version:foxVer, test_version:\"2.3.3.1112\")){\n security_message(0);\n}\n", "title": "Foxit Products ICC Parsing Integer Overflow Vulnerability", "type": "openvas", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 1, "lastseen": "2017-07-19T10:54:45"}], "edition": 2, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "55dab5385ca1b493b81e6ed993c7d331"}, {"key": "cvss", "hash": "2076413bdcb42307d016f5286cbae795"}, {"key": "description", "hash": "7dea6de90fdda5e31264bd9b89565b8c"}, {"key": "href", "hash": "b71a4f1f6034984fb92c1e4666f090e3"}, {"key": "modified", "hash": "972127e56bbc7305ccf432db040aca2f"}, {"key": "naslFamily", "hash": "b9cc6a9f33ec12abd4e976263afc3918"}, {"key": "pluginID", "hash": "b6d6c7cf8fb9a1904130fa96f453a68f"}, {"key": "published", "hash": "0e261ad6c9619556a2170952c0154efd"}, {"key": "references", "hash": "d64cbb4cd372c9149f8e169a86b28631"}, {"key": "reporter", "hash": "5b3e78bf2118fdcf240d0771f3c6039e"}, {"key": "sourceData", "hash": "ffa27d076cf660609a026e2271c1bba3"}, {"key": "title", "hash": "cb413ec2fd32973b860aa952ebb3020a"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "hash": "6c0081ac12f85293add9b58d94f4b115c7c13976070b30990d71176dc7417aaf", "viewCount": 0, "enchantments": {"vulnersScore": 9.3}, "objectVersion": "1.3", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_foxit_prdts_int_overflow_vuln.nasl 10140 2018-06-08 12:58:24Z asteins $\n#\n# Foxit Products ICC Parsing Integer Overflow Vulnerability\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.801752\");\n script_version(\"$Revision: 10140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-06-08 14:58:24 +0200 (Fri, 08 Jun 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-03-04 14:32:35 +0100 (Fri, 04 Mar 2011)\");\n script_cve_id(\"CVE-2011-0332\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Foxit Products ICC Parsing Integer Overflow Vulnerability\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/43329\");\n script_xref(name : \"URL\" , value : \"http://www.vupen.com/english/advisories/2011/0508\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Buffer overflow\");\n script_dependencies(\"gb_foxit_reader_detect_portable_win.nasl\", \"gb_foxit_phantom_detect.nasl\");\n script_mandatory_keys(\"Foxit/Phantom_or_Reader/Installed\");\n script_tag(name : \"impact\" , value : \"Successful exploitation could allow attackers to crash an affected\n application or execute arbitrary code by tricking a user into opening a\n malicious file.\n Impact Level: System/Application\");\n script_tag(name : \"affected\" , value : \"Foxit Reader version prior to 4.3.1.0218\n Foxit Phantom version prior to 2.3.3.1112\");\n script_tag(name : \"insight\" , value : \"The flaw is due to an integer overflow error when parsing certain ICC\n chunks and can be exploited to cause a heap-based buffer overflow via a\n specially crafted file.\");\n script_tag(name : \"solution\" , value : \"Upgrade to the Foxit Reader version 4.3.1.0218 or later.\n Upgrade to the Foxit Phantom version 2.3.3.1112 or later.\n For updates refer to http://www.foxitsoftware.com/downloads/index.php\");\n script_tag(name : \"solution_type\" , value : \"VendorFix\");\n script_tag(name : \"summary\" , value : \"The host is installed with Foxit Products and is prone to integer\n overflow vulnerability.\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nfoxitVer = get_kb_item(\"Foxit/Reader/Ver\");\nif(foxitVer)\n{\n if(version_is_less(version:foxitVer, test_version:\"4.3.1.0218\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n}\n\nfoxVer = get_kb_item(\"Foxit/Phantom/Ver\");\nif(!foxVer){\n exit(0);\n}\n\nif(version_is_less(version:foxVer, test_version:\"2.3.3.1112\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n\nexit(99);\n", "naslFamily": "Buffer overflow", "pluginID": "1361412562310801752"}

{"result": {"cve": [{"id": "CVE-2011-0332", "type": "cve", "title": "CVE-2011-0332", "description": "Integer overflow in Foxit Reader before 4.3.1.0218 and Foxit Phantom before 2.3.3.1112 allows remote attackers to execute arbitrary code via crafted ICC chunks in a PDF file, which triggers a heap-based buffer overflow.", "published": "2011-02-25T14:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0332", "cvelist": ["CVE-2011-0332"], "lastseen": "2017-04-18T15:52:54"}], "openvas": [{"id": "OPENVAS:801752", "type": "openvas", "title": "Foxit Products ICC Parsing Integer Overflow Vulnerability", "description": "The host is installed with Foxit Products and is prone to integer\n overflow vulnerability.", "published": "2011-03-04T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=801752", "cvelist": ["CVE-2011-0332"], "lastseen": "2017-07-02T21:13:39"}], "seebug": [{"id": "SSV:20345", "type": "seebug", "title": "Foxit Reader ICC\u89e3\u6790\u8fdc\u7a0b\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e", "description": "BUGTRAQ ID: 46565\r\nCVE ID: CVE-2011-0332\r\n\r\nFoxit Reader\u662f\u4e00\u6b3e\u5c0f\u578b\u7684PDF\u6587\u6863\u67e5\u770b\u5668\u548c\u6253\u5370\u7a0b\u5e8f\u3002\r\n\r\nFoxit Reader\u5728\u5b9e\u73b0\u4e0a\u5b58\u5728ICC\u89e3\u6790\u8fdc\u7a0b\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u5728\u53d7\u5f71\u54cd\u5e94\u7528\u7a0b\u5e8f\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\uff0c\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002\r\n\r\n\u6b64\u6f0f\u6d1e\u6e90\u4e8e\u5728\u89e3\u6790\u67d0\u4e9bICC\u5757\u65f6\u7684\u6574\u6570\u6ea2\u51fa\u9519\u8bef\uff0c\u53ef\u901a\u8fc7\u7279\u5236\u7684\u6587\u4ef6\u9020\u6210\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u3002\n\nFoxit Foxit Reader 4.3.1.0118\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nFoxit\r\n-----\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://www.foxitsoft.com/wac/server_intro.php", "published": "2011-03-02T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.seebug.org/vuldb/ssvid-20345", "cvelist": ["CVE-2011-0332"], "lastseen": "2017-11-19T18:06:24"}], "nessus": [{"id": "FOXIT_READER_4_3_1_0218.NASL", "type": "nessus", "title": "Foxit Reader < 4.3.1.0218 Multiple Vulnerabilities", "description": "The version of Foxit Reader installed on the remote Windows host is prior to 4.3.1.0218. It is, therefore, affected by multiple vulnerabilities :\n\n - An integer overflow condition exists when parsing certain ICC chunks. An attacker can exploit this, via crafted ICC chunks in a PDF file, to cause a heap-based buffer overflow, resulting in the execution of arbitrary code. (CVE-2011-0332)\n\n - A flaw exists in the JavaScript API related to the createDataObject() function. An attacker can exploit this, via a crafted PDF file using a call to that function, to create or overwrite arbitrary files.\n (VulnDB 71104)", "published": "2011-02-25T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=52458", "cvelist": ["CVE-2011-0332"], "lastseen": "2018-07-12T18:12:45"}]}}