Foxit Reader Plugin for Firefox URL Filename Stack Buffer Overflow

2013-01-12T00:00:00
ID SAINT:F58DB2424C8BB7199B01498CCC20FF37
Type saint
Reporter SAINT Corporation
Modified 2013-01-12T00:00:00

Description

Added: 01/12/2013
BID: 57174
OSVDB: 89030

Background

Foxit Reader is a free PDF reader for Microsoft Windows systems.

Problem

Foxit Reader plugin for Firefox (npFoxitReaderPlugin.dll) is vulnerable to remote code execution as a result of failure to check boundary conditions when processing a URL string with an overly long filename. A remote attacker who persuades a user to open a specially crafted file in the affected product could gain access to the system with the rights of the user.

Resolution

Upgrade to the fixed version when it becomes available by going to Check for Updates Now in Foxit Reader help menu.

References

<http://secunia.com/advisories/51733/>
<http://www.csoonline.com/article/726282/foxit-reader-vulnerable-to-critical-remote-code-execution-flaw>

Limitations

This exploit has been tested with Firefox 18.0 on Microsoft Windows XP SP3 English (DEP OptIn) and Microsoft Windows 7 SP1 (DEP OptIn).

The exploit must be opened using Firefox 18.0 on the target. Clear the Firefox history between repeated exploit attempts in order to get better results.

Platforms

Windows XP
Windows 7