Foxit Products GIF Conversion Memory Corruption (DataSubBlock)



EKU-ID: 4636 CVE: OSVDB-ID: 119303
Author: Francis Provencher Published: 2015-03-16 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home


#####################################################################################
  
Application:   Foxit Products GIF Conversion Memory Corruption Vulnerabilities (DataSubBlock)
  
Platforms:   Windows
  
Versions:   The vulnerability is confirmed in version Foxit Reader 7.x. Other versions may also be affected.
  
Secunia:   SA63346
  
{PRL}:   2015-02
  
Author:   Francis Provencher (Protek Research Lab’s)
  
Website:   http://www.protekresearchlab.com/
  
Twitter:   @ProtekResearch
  
#####################################################################################
  
1) Introduction
2) Report Timeline
3) Technical details
4) POC
  
#####################################################################################
  
===============
1) Introduction
===============
  
   
  
Foxit Reader is a multilingual freemium PDF tool that can create, view, edit, digitally sign, and print PDF files.[3] Early versions of Foxit Reader were notable for startup performance and small file size.[citation needed] Foxit has been compared favorably toAdobe Reader.[4][5][6] The Windows version allows annotating and saving unfinished PDF forms, FDF import/export, converting to text, highlighting and drawing.
  
(http://en.wikipedia.org/wiki/Foxit_Reader)
  
#####################################################################################
  
============================
2) Report Timeline
============================
  
2015-01-22: Francis Provencher from Protek Research Lab’s found the issue;
2015-01-28: Foxit Security Response Team confirmed the issue;
2015-01-28: Foxit fixed the issue;
2015-03-09: Foxit released fixed version of Foxit Reader 7.1/Foxit Enterprise Reader 7.1/Foxit PhantomPDF7.1.
  
#####################################################################################
  
============================
3) Technical details
============================
  
An error when handling the Size member of a GIF DataSubBlock data structure can be exploited to cause memory corruption via a specially crafted GIF file.
  
#####################################################################################
  
===========
  
4) POC
  
===========
  
http://protekresearchlab.com/exploits/PRL-2015-02.gif
http://www.exploit-db.com/sploits/36335.gif