CVE-2009-0691 - Resource Management Errors vulnerability in Foxitsoftware Foxit Reader and Jpeg2000 Jbig2 Decoder Add-On
Attack vector | NETWORK |
Attack complexity | MEDIUM |
Privileges required | NONE |
Confidentiality impact | COMPLETE |
Integrity impact | COMPLETE |
Availability impact | COMPLETE |
Summary
The Foxit JPEG2000/JBIG2 Decoder add-on before 2.0.2009.616 for Foxit Reader 3.0 before Build 1817 does not properly handle a fatal error during decoding of a JPEG2000 (aka JPX) header, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted PDF file that triggers an invalid memory access.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 2 |
Common Weakness Enumeration (CWE)
Nessus
NASL family | Windows |
NASL id | FOXIT_READER_JBIG_2_0_2009_616.NASL |
description | The Foxit Reader application installed on the remote Windows host includes an optional JPEG2000 / JBIG Decoder add-on that is prior to version 2.0.2009.616. It is, therefore, affected by multiple vulnerabilities: - An out-of-bounds read error exists in the add-on due to improper handling of a negative value for the stream offset in a JPEG2000 (JPX) stream. An unauthenticated, remote attacker can exploit this, via a crafted PDF file, to cause a denial of service or to execute arbitrary code. (CVE-2009-0690) - A flaw exists in the add-on due to improper handling of an unspecified fatal error during the decoding of a JPEG2000 (JPX) header. An unauthenticated, remote attacker can exploit this, via a crafted PDF file, to cause a denial of service or to execute arbitrary code. (CVE-2009-0691) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 39481 |
published | 2009-06-22 |
reporter | This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/39481 |
title | Foxit Reader JPEG2000 / JBIG Decoder Add-On < 2.0.2009.616 Multiple Vulnerabilities |
Seebug
bulletinFamily | exploit |
description | Bugtraq ID: 35443 CVE-2009-0691 CNCVE-20090691 Foxit Reader is an application designed for PDF files. Foxit Reader has a flaw in its handling of JPX (JPEG2000) streams; a remote attacker can exploit the vulnerability to execute arbitrary commands with the privileges of the application. Foxit Reader cannot decode JPEG2000 data by default; Foxit Reader installations with the JPEG2000 / JBIG Decoder add-on are affected by this vulnerability. By enticing a user to open a malicious PDF file, an attacker can execute arbitrary code or crash the PDF viewer. Affected versions: Foxit Foxit Reader 3.0.2009 1301, Foxit Foxit Reader 3.0 Build 1506, Foxit Foxit Reader 3.0, Foxit Foxit Reader 2.3 Build 3902, Foxit Foxit Reader 2.3 build 2923, Foxit Foxit Reader 2.3 build 2825, Foxit Foxit Reader 2.3, Foxit Foxit Reader 2.2. Upgrade: the same add-on package, Foxit ImageDecoder_2.0.2009.616.fzip (http://mirrors.foxitsoftware.com/pub/foxit/reader/desktop/win/addon/ImageDecoder_2.0.2009.616.fzip), is listed for each affected version: Foxit Foxit Reader 2.3 build 2825, Foxit Foxit Reader 2.3, Foxit Foxit Reader 2.3 Build 3902, Foxit Foxit Reader 2.3 build 2923, Foxit Foxit Reader 2.2, Foxit Foxit Reader 3.0 Build 1506, Foxit Foxit Reader 3.0, Foxit Foxit Reader 3.0.2009 1301. |
id | SSV:11687 |
last seen | 2017-11-19 |
modified | 2009-06-23 |
published | 2009-06-23 |
reporter | Root |
title | Foxit Reader JPEG2000 Header Decoding Memory Corruption Vulnerability |