TITLE:
Foxit Reader Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA34036

VERIFY ADVISORY:
http://secunia.com/advisories/34036/

DESCRIPTION:
Some vulnerabilities have been reported in Foxit Reader, which can be exploited by malicious people to compromise a user's system.

1) An error exists when processing JBIG2 symbol dictionary segments. This can be exploited to dereference uninitialised memory via a specially crafted PDF file.

This vulnerability is confirmed in version 3.0.2009.1301 and reported in versions 2.3 and 3.0.

2) A boundary error exists in the processing of actions defined in PDF files. This can be exploited to cause a stack-based buffer overflow when an action having an overly long filename argument is triggered.

This vulnerability is reported in version 3.0.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

NOTE: Additionally, actions defined in PDF files were executed without asking for confirmation when a trigger condition was satisfied.

SOLUTION:
Update to version 3.0 Build 1506 or version 2.3 Build 3902.

PROVIDED AND/OR DISCOVERED BY:
1) Alin Rad Pop, Secunia Research
2) The vendor credits Core Security Technologies.

ORIGINAL ADVISORY:
Foxit Software:
http://www.foxitsoftware.com/pdf/reader/security.htm

Secunia Research:
http://secunia.com/secunia_research/2009-11/
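
A triage check for the two file properties the description names, JBIG2 streams and actions with a filename argument, added here as an example; it is not code from Secunia, Foxit or Core Security. Assumptions: the 256-byte threshold, the restriction to the Launch, GoToR and GoToE action types, and the names `triage_pdf` and `SAMPLE` are all chosen for illustration, and only uncompressed objects are inspected.

```python
import re

# Assumption: the advisory gives no length, so this triage threshold is constructed.
MAX_FILENAME_LEN = 256

# Uncompressed indirect objects: "<num> <gen> obj ... endobj".
OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.S)
# Assumption: limit the check to PDF action types that carry a file
# specification (/F); the advisory does not name the affected action type.
ACTION_RE = re.compile(rb"/S\s*/(Launch|GoToR|GoToE)\b")
# /F as a literal string (backslash escapes allowed, nested parentheses not
# handled) or as a hex string. "/F <<" (a file specification dictionary) does
# not match here; the /F entry inside that dictionary does.
F_LITERAL_RE = re.compile(rb"/F\s*\(((?:\\.|[^\\()])*)\)", re.S)
F_HEX_RE = re.compile(rb"/F\s*<([0-9A-Fa-f\s]*)>")


def triage_pdf(data, max_len=MAX_FILENAME_LEN):
    """Return (object number, finding, filename length or None) tuples."""
    findings = []
    for m in OBJ_RE.finditer(data):
        num, body = int(m.group(1)), m.group(3)
        if b"/JBIG2Decode" in body:  # stream that reaches the JBIG2 decoder
            findings.append((num, "jbig2-stream", None))
        if not ACTION_RE.search(body):
            continue
        # Raw byte length; escape sequences are counted unexpanded.
        lengths = [len(s) for s in F_LITERAL_RE.findall(body)]
        lengths += [len(re.sub(rb"\s", b"", h)) // 2 for h in F_HEX_RE.findall(body)]
        for n in lengths:
            kind = "long-filename-action" if n > max_len else "file-action"
            findings.append((num, kind, n))
    return findings


# Constructed sample: a benign skeleton, not a working PDF or a real sample.
SAMPLE = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
    b"2 0 obj\n<< /Type /Action /S /Launch /F (" + b"A" * 600 + b") >>\nendobj\n"
    b"3 0 obj\n<< /Type /Action /S /GoToR /F (chapter2.pdf) /D [0 /Fit] >>\nendobj\n"
    b"4 0 obj\n<< /Filter /JBIG2Decode /Length 0 >>\nstream\n\nendstream\nendobj\n"
)

if __name__ == "__main__":
    for finding in triage_pdf(SAMPLE):
        print(finding)
```

Objects stored inside compressed object streams are not seen by this scan, so an empty result does not clear a file. A hit is a prompt for manual review on a patched reader, not a verdict.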