Release DateAug 31, 2010 |
Severitymedium |
ImpactSystem Compromise: Remote attackers can gain control of vulnerable systems. |
DescriptionThis indicates an attack attempt to exploit a remote code-execution vulnerabilityin Foxit Reader. The vulnerability is due to the vulnerable software's inability to properly handle malformed Compact Font Format (CFF) data within a PDF document. It can be exploited via a crafted PDF file, leading to remote code execution. |
Affected ProductsFoxit Reader version 4.1.0.0726Windows Vista Ultimate - sp0 (i386) Foxit Reader version 4.1.0.0726 Windows Vista Ultimate - sp1 (i386) Foxit Reader version 4.1.0.0726 Windows Vista Ultimate - sp2 (i386) Foxit Reader version 4.1.0.0726 Windows XP Professional - sp2 (i386) Foxit Reader version 4.1.0.0726 Windows XP Professional - sp3 (i386) Foxit Reader version 4.1.0.0726 |
Recommended ActionsRefer to the vendor's website for the suggested workaround:http://www.foxitsoftware.com/pdf/reader/security_bulletins.php#iphone |
Coverage IPS
VCM |
Reference/shttp://www.securityfocus.com/bid/43785 (BugTraq) |
