Foxit Reader (may be) vulnerable
I came across this today, a Multiple Vendor PDF Document Catalog Handling Vulnerability over at MOAB. I was curious, so I decided to check it out and download the POC exploit code. The document failed to open on my Windows XP workstation using Foxit Reader version 2.0 build 0922. I ran it through Visual C++ Express to see what I can get from debugging it, (unfortunately not much due to not having Foxit source code or the symbols) and got this:
First-chance exception at 0x0042a266 in FoxitReader.exe: 0xC00000FD: Stack overflow. Unhandled exception at 0x0042a266 in FoxitReader.exe: 0xC00000FD: Stack overflow.
I'll post updates as they become available.blog comments powered by Disqus