Skip to main content

Foxit Reader ActiveX Control "OpenFile()" Buffer Overflow Vulnerability

Last Update Date: 22 Jul 2011 11:45 Release Date: 22 Jul 2011 6775 Views

RISK: High Risk

TYPE: Clients - Productivity Products

TYPE: Productivity Products

A vulnerability has been identified in Foxit Reader, which can be exploited by malicious people to compromise a user's system.

 

The vulnerability is caused due to a boundary error in the FoxitReaderOCX ActiveX control when processing the "OpenFile()" method. This can be exploited to cause a heap-based buffer overflow via an overly long string passed in the "strFilePath" parameter.


Impact

  • Remote Code Execution

System / Technologies affected

  • Foxit Reader 5.x
  • Foxit Reader ActiveX Control 2.x

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Update to version 5.0.2.0718.

Vulnerability Identifier

  • No CVE information is available

Source


Related Link