Foxit Reader Insecure Library Loading

[robkraus () soutionary com]

Vulnerability title: Foxit Reader Insecure Library Loading

CVSS Risk Rating: 2.9 (Low)

Product: Foxit Reader

Application Vendor: Foxit

Vendor URL: http://www.foxitsoftware.com

Public disclosure date: 7/21/2011

Discovered by: Jose Hernandez and Solutionary Engineering Research Team (SERT)

Solutionary ID: SERT-VDN-1009

Solutionary public disclosure URL: http://www.solutionary.com/index/SERT/Vuln-Disclosures/Foxit-Reader.html

Vulnerability Description: Foxit Reader is vulnerable to a Insecure Library Loading vulnerability. The libraries 
identified as being vulnerable are dwmapi.dll, dwrite.dll and msdrm.dll. The vulnerability lies in the way Microsoft 
Windows loads DLLs. If applications load a library from a specific path and call that path implicitly, Microsoft 
Windows searches several default paths to find and load the library. A malicious attacker can create a malicious DLL 
with the same name and place it in a directory where Microsoft Windows searches by default. The application will load 
the malicious DLL resulting in arbitrary code execution.

Affected software versions: 5.0.1.0523

Impact: Successful exploitation allows local or remote arbitrary code execution.

Fixed in: The vendor has provided a patch to fix this issue. Please upgrade to version 5.0.2.0718.

Remediation guidelines: The vendor has provided a patch to fix this issue. Please upgrade to version 5.0.2.0718.