Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 9.3
CVE Id CVE-2009-0191
Last Modified 21 Mar 2009 01:53:51
Published 10 Mar 2009 04:30:06
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-0191

Summary

Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506, including 3.0.2009.1301, does not properly handle a JBIG2 symbol dictionary segment with zero new symbols, which allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a dereference of an uninitialized memory location.

Vulnerable Systems

Application

  • Foxitsoftware Foxit Reader 2.3

  • Foxitsoftware Foxit Reader 3.0

  • Foxitsoftware Foxit Reader 3.0.2009.1301


References

VUPEN - ADV-2009-0634

CONFIRM - http://www.foxitsoftware.com/pdf/reader/security.htm#Processing

XF - foxitreader-jbig2-code-execution(49135)

SECTRACK - 1021822

BID - 34035

BUGTRAQ - 20090309 Secunia Research: Foxit Reader JBIG2 Symbol Dictionary Processing Vulnerability

MISC - http://secunia.com/secunia_research/2009-11/

SECUNIA - 34036


Last Updated: 27 May 2016 10:50:09