Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1104

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2008-1104
Last Modified 07 Mar 2011 10:05:57
Published 21 May 2008 09:24:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-1104

Summary

Stack-based buffer overflow in Foxit Reader before 2.3 build 2912 allows user-assisted remote attackers to execute arbitrary code via a crafted PDF file, related to the util.printf JavaScript function and floating point specifiers in format strings.

Vulnerable Systems

Application

  • Foxitsoftware Reader 2.0

  • Foxitsoftware Reader 2.2

  • Foxitsoftware Reader 2.3


References

CERT-VN - VU#119747

XF - foxitreader-utilprintf-bo(42531)

VUPEN - ADV-2008-1572

SECTRACK - 1020050

BID - 29288

BUGTRAQ - 20080520 Secunia Research: Foxit Reader "util.printf()" Buffer Overflow

CONFIRM - http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=800801

SREASON - 3899

MISC - http://secunia.com/secunia_research/2008-18/advisory/

SECUNIA - 29941


Last Updated: 27 May 2016 10:47:01