Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Foxit Reader 5.4.3.0920 Crash PoC

🗓️ 01 Jul 2014 00:00:00Reported by RootType 
seebug
 seebug🔗 www.seebug.org👁 19 Views

Foxit Reader 5.4.3.0920 Crash PoC, Division By Zero vulnerability in Foxit Reade

Code

                                                Title            :  Foxit Reader suffers from Division By Zero
Version          :  5.4.3.0920 
Date             :  2012-09-28
Vendor           :  http://www.foxitsoftware.com/
Impact           :  Med/High
Contact          :  coolkaveh [at] rocketmail.com
Twitter          :  @coolkaveh
tested           :  XP SP3
#####################################################################
Bug :
----
division by zero vulnerability during the handling of the pdf files.
that will trigger a denial of service condition

#####################################################################
(b34.f24): Integer divide-by-zero - code c0000094 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=ffffffff 
ebx=00000000 
ecx=00000000 
edx=00000000 
esi=00000000 
edi=00000000
eip=00558c8c 
esp=0012f928 
ebp=00000000 
iopl=0         nv up ei pl zr na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010246
*** ERROR: Module load completed but symbols could not be loaded for FoxitReader_Lib_Full.exe
FoxitReader_Lib_Full+0x158c8c:
00558c8c f7f7            div     eax,edi
0:000> r;!exploitable -v;q
eax=ffffffff 
ebx=00000000 
ecx=00000000 
edx=00000000 
esi=00000000 
edi=00000000
eip=00558c8c 
esp=0012f928 
ebp=00000000 iopl=0         nv up ei pl zr na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010246
FoxitReader_Lib_Full+0x158c8c:
00558c8c f7f7            div     eax,edi
HostMachine\HostUser
Executing Processor Architecture is x86
Debuggee is in User Mode
Debuggee is a live user mode debugging session on the local machine
Event Type: Exception
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for ntdll.dll - 
Exception Faulting Address: 0x558c8c
First Chance Exception Type: STATUS_INTEGER_DIVIDE_BY_ZERO (0xC0000094)

Faulting Instruction:00558c8c div eax,edi

Basic Block:
    00558c8c div eax,edi
       Tainted Input Operands: ax, dx, eax, edi
    00558c8e cmp dword ptr [esp+3ch],eax
       Tainted Input Operands: eax
    00558c92 jae foxitreader_lib_full+0x158f06 (00558f06)
       Tainted Input Operands: CarryFlag

Exception Hash (Major/Minor): 0x6461647c.0x64616453

Stack Trace:
FoxitReader_Lib_Full+0x158c8c
Instruction Address: 0x0000000000558c8c

Description: Integer Divide By Zero
Short Description: DivideByZero
Recommended Bug Title: Integer Divide By Zero starting at FoxitReader_Lib_Full+0x0000000000158c8c (Hash=0x6461647c.0x64616453)
#####################################################################

Proof of concept .pdf included: http://www.exploit-db.com/sploits/21645.pdf

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
01 Jul 2014 00:00Current
7.1High risk
Vulners AI Score7.1
foxit readerdivision by zerodenial of servicevulnerabilitypdfexploitinteger divide by zero
19