Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 10.0
CVE Id CVE-2009-0836
Last Modified 06 Apr 2010 01:36:37
Published 10 Mar 2009 04:30:06
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-0836

Summary

Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506, including 1120 and 1301, does not require user confirmation before performing dangerous actions defined in a PDF file, which allows remote attackers to execute arbitrary programs and have unspecified other impact via a crafted file, as demonstrated by the "Open/Execute a file" action.

Vulnerable Systems

Application

  • Foxitsoftware Reader 2.3

  • Foxitsoftware Reader 3.0


References

CONFIRM - http://www.foxitsoftware.com/pdf/reader/security.htm#bypass

VUPEN - ADV-2009-0634

SECTRACK - 1021824

BID - 34035

BUGTRAQ - 20090309 Foxit Reader Multiple Vulnerabilities (CORE-2009-0218)

MISC - http://www.coresecurity.com/content/foxit-reader-vulnerabilities

SECUNIA - 34036

MLIST - [dailydave] 20100402 0day, it may not be

MISC - http://blog.zoller.lu/2009/03/remote-code-execution-in-pdf-still.html


Last Updated: 27 May 2016 10:50:22