CVE-2011-1908 - Numeric Errors vulnerability in Foxitsoftware Foxit Reader

CVSS: 9.3 - CRITICAL
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
Tags: network, foxitsoftware, CWE-189, critical, nessus

Summary

Integer overflow in the Type 1 font decoder in the FreeType engine in Foxit Reader before 4.0.0.0619 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font in a PDF document.

Common Weakness Enumeration (CWE)

Nessus

NASL family: Windows
NASL id: FOXIT_READER_4_0_0_0619.NASL
description: The version of Foxit Reader installed on the remote Windows host is prior to 4.0.0.0619. It is, therefore, affected by a remote code execution vulnerability in the FreeType engine due to an integer overflow condition in the Type 1 font decoder. An attacker can exploit this, by tricking a user into opening a crafted PDF file, to cause a denial of service or to execute arbitrary code with the user's privileges.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 55422
published: 2011-06-24
reporter: This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/55422
title: Foxit Reader < 4.0.0.0619 FreeType Engine RCE
code:
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(55422);
  script_version("1.9");
  script_cvs_date("Date: 2018/11/15 20:50:26");

  script_cve_id("CVE-2011-1908");
  script_bugtraq_id(48359);
  script_xref(name:"MSVR", value:"MSVR11-005");

  script_name(english:"Foxit Reader < 4.0.0.0619 FreeType Engine RCE");
  script_summary(english:"Checks the version of Foxit Reader.");

  script_set_attribute(attribute:"synopsis", value:
"A PDF viewer installed on the remote host is affected by a remote code
execution vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of Foxit Reader installed on the remote Windows host is
prior to 4.0.0.0619. It is, therefore, affected by a remote code
execution vulnerability in the FreeType engine due to an integer
overflow condition in the Type 1 font decoder. An attacker can exploit
this, by tricking a user into opening a crafted PDF file, to cause a
denial of service or to execute arbitrary code with the user's
privileges.");
  script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/VulnerabilityResearchAdvisories/2011/msvr11-005");
  script_set_attribute(attribute:"see_also", value:"https://www.foxitsoftware.com/support/security-bulletins.php");
  script_set_attribute(attribute:"see_also", value:"https://www.foxitsoftware.com/company/press.php?id=191");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Foxit Reader version 4.0.0.0619 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2010/06/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2010/06/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/06/24");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:foxitsoftware:foxit_reader");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");

  script_dependencies("foxit_reader_installed.nasl");
  script_require_keys("installed_sw/Foxit Reader");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("install_func.inc");

app = "Foxit Reader";
install = get_single_install(app_name:app, exit_if_unknown_ver:TRUE);
version = install["version"];
path    = install["path"];

report = NULL;

fixed_version = "4.0.0.0619";
if (ver_compare(ver:version, fix:fixed_version, strict:FALSE) < 0)
{
  port = get_kb_item("SMB/transport");
  if (!port)
    port = 445;

  report =
    '\n  Path              : ' + path +
    '\n  Installed version : ' + version +
    '\n  Fixed version     : ' + fixed_version + '\n';

  security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);
  exit(0);
}
else
  audit(AUDIT_INST_PATH_NOT_VULN, app, version, path);

Seebug

bulletinFamily: exploit
description: Bugtraq ID: 48359. CVE ID: CVE-2011-1908. Foxit Reader is a popular application for handling PDF files. Foxit Reader contains an exploitable vulnerability in its handling of certain invalid font types. An attacker can use this vulnerability to make Foxit Reader exit abnormally, and it allows the attacker to execute arbitrary code.
Affected versions:
  Foxit Foxit Reader 3.2.1 0401
  Foxit Foxit Reader 3.2 0303
  Foxit Foxit Reader 3.0.2009 .1301
  Foxit Foxit Reader 4.0
  Foxit Foxit Reader 3.3.1.0518
  Foxit Foxit Reader 3.2
  Foxit Foxit Reader 3.1.4.1125
  Foxit Foxit Reader 3.0 Build 1817
  Foxit Foxit Reader 3.0 Build 1506
  Foxit Foxit Reader 3.0
  Foxit Foxit Reader 2.3 Build 3902
  Foxit Foxit Reader 2.3 build 2923
  Foxit Foxit Reader 2.3 build 2825
  Foxit Foxit Reader 2.3
  Foxit Foxit Reader 2.2
Vendor solution: Foxit Reader 4.0.0.0619 fixes this vulnerability; users are advised to download and use it: http://www.foxitsoftware.com/pdf/reader/
id: SSV:20661
last seen: 2017-11-19
modified: 2011-06-25
published: 2011-06-25
reporter: Root
title: Foxit Reader FreeType engine remote integer overflow vulnerability