Full Disclosure mailing list archives

Re: Foxit Reader suffers from Division By Zero

From: Nick Boyce <nick.boyce () gmail com>
Date: Sun, 30 Sep 2012 02:35:22 +0100

On Sat, Sep 29, 2012 at 8:01 AM, kaveh ghaemmaghami
<kavehghaemmaghami () googlemail com> wrote:

Title            :  Foxit Reader suffers from Division By Zero
Version          :  5.4.3.0920

[...]

division by zero vulnerability during the handling of the pdf files.
that will trigger a denial of service condition

[...]

Proof of concept .pdf included.


Confirmed with V5 Foxit Reader 5.4.3.0920 on WinXP Pro SP3 (though
with a slightly different offset - 0015eb8c ... ASLR ?).

Interestingly, NOT confirmed for Foxit Reader 4.3.1.0323 (the last
version of the V4 Foxit Reader, which is the last version many people
are comfortable with); with this version I get a dialog box stating
"format error: not a PDF or corrupted", and no crash.  This is also on
XP Pro SP3.  Another reason to be disappointed with Foxit Reader V5 :)

Cheers
Nick Boyce
-- 
You are in a maze of twisty little relative jumps, all alike.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Foxit Reader suffers from Division By Zero kaveh ghaemmaghami (Sep 29)
- Re: Foxit Reader suffers from Division By Zero Mario Vilas (Sep 29)
- Re: Foxit Reader suffers from Division By Zero Nick Boyce (Sep 29)