Vulnerabilities > CVE-2017-16589 - Out-of-bounds Read vulnerability in Foxitsoftware Foxit Reader 8.3.1.21155
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the yTsiz member of SIZ markers. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-4977.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Overread Buffers An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.
Nessus
NASL family Windows NASL id FOXIT_PHANTOM_9_0.NASL description According to its version, the Foxit PhantomPDF application (formally known as Phantom) installed on the remote Windows host is prior to 9.0. It is, therefore, affected by multiple arbitrary code execution and information disclosure vulnerabilities. last seen 2020-06-01 modified 2020-06-02 plugin id 104436 published 2017-11-07 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/104436 title Foxit PhantomPDF < 9.0 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(104436); script_version("1.7"); script_cvs_date("Date: 2019/03/27 13:17:51"); script_cve_id( "CVE-2017-14694", "CVE-2017-10959", "CVE-2017-16588", "CVE-2017-16589" ); script_bugtraq_id(101009); script_name(english:"Foxit PhantomPDF < 9.0 Multiple Vulnerabilities"); script_summary(english:"Checks the version of Foxit PhantomPDF."); script_set_attribute(attribute:"synopsis", value: "A PDF toolkit installed on the remote Windows host is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "According to its version, the Foxit PhantomPDF application (formally known as Phantom) installed on the remote Windows host is prior to 9.0. It is, therefore, affected by multiple arbitrary code execution and information disclosure vulnerabilities."); script_set_attribute(attribute:"see_also", value:"https://www.foxitsoftware.com/support/security-bulletins.php"); script_set_attribute(attribute:"solution", value: "Upgrade to Foxit PhantomPDF version 9.0 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-10959"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/11/01"); script_set_attribute(attribute:"patch_publication_date", value:"2017/11/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/11/07"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:foxitsoftware:phantom"); script_set_attribute(attribute:"cpe", value:"cpe:/a:foxitsoftware:phantompdf"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("foxit_phantom_installed.nasl"); script_require_keys("installed_sw/FoxitPhantomPDF"); exit(0); } include('vcf.inc'); app = 'FoxitPhantomPDF'; app_info = vcf::get_app_info(app:app, win_local:TRUE); constraints = [{ 'min_version' : '8.0', 'max_version' : '8.3.2.25013', 'fixed_version' : '9.0' }]; vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);NASL family Windows NASL id FOXIT_READER_9_0.NASL description The version of Foxit Reader installed on the remote Windows host is prior to 9.0. It is, therefore, affected by multiple arbitrary code execution and information disclosure vulnerabilities. last seen 2020-06-01 modified 2020-06-02 plugin id 104433 published 2017-11-07 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/104433 title Foxit Reader < 9.0 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(104433); script_version("1.7"); script_cvs_date("Date: 2019/03/27 13:17:51"); script_cve_id( "CVE-2017-14694", "CVE-2017-10959", "CVE-2017-16588", "CVE-2017-16589" ); script_bugtraq_id(101009); script_xref(name:"ZDI", value:"ZDI-17-856"); script_xref(name:"ZDI", value:"ZDI-17-857"); script_name(english:"Foxit Reader < 9.0 Multiple Vulnerabilities"); script_summary(english:"Checks the version of Foxit Reader."); script_set_attribute(attribute:"synopsis", value: "A PDF viewer installed on the remote Windows host is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of Foxit Reader installed on the remote Windows host is prior to 9.0. It is, therefore, affected by multiple arbitrary code execution and information disclosure vulnerabilities."); script_set_attribute(attribute:"see_also", value:"https://www.foxitsoftware.com/support/security-bulletins.php"); script_set_attribute(attribute:"solution", value: "Upgrade to Foxit Reader version 9.0 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-10959"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/11/01"); script_set_attribute(attribute:"patch_publication_date", value:"2017/11/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/11/07"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:foxitsoftware:foxit_reader"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("foxit_reader_installed.nasl"); script_require_keys("installed_sw/Foxit Reader"); exit(0); } include('vcf.inc'); app = 'Foxit Reader'; app_info = vcf::get_app_info(app:app, win_local:TRUE); constraints = [{ 'min_version' : '8.0', 'max_version' : '8.3.2.25013', 'fixed_version' : '9.0' }]; vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);