Security Update for Foxit Reader and Foxit PhantomPDF 8.0 Products

ITS Advisory Number: 2016-112
Date(s) Issued: Friday, July 8, 2016
Subject: Security Update for Foxit Reader and Foxit PhantomPDF 8.0 Products
Overview:

This security update resolves vulnerabilities in the Foxit Reader and Foxit PhantomPDF 8.0 products. Foxit Reader is a multilingual freemium PDF tool that can create, view, edit, digitally sign, and print PDF files. Successful exploitation of these vulnerabilities could potentially allow an unauthenticated attacker to elevate privileges, take control of the affected system, or trigger a memory corruption condition by writing certain data to a shared memory region. An attacker can leverage this vulnerability to execute code under the context of SYSTEM.

Systems Affected: 
  • Foxit Reader 7.2.8.1124 and earlier for Windows
  • Foxit PhantomPDF 7.2.2.929 and earlier for Windows
  • Foxit Reader 7.3.0.118 and earlier for Windows
  • Foxit PhantomPDF 7.3.0.118 and earlier for Windows
  • Foxit Reader 7.3.4.311 and earlier for Windows
  • Foxit PhantomPDF 7.3.4.311 and earlier for Windows
  • Foxit Reader 1.1.0.0225 and earlier for Linux

RISK
GOVERNMENT
Large and medium government entities: High
Small government entities: Medium
BUSINESS
Large and medium business entities: High
Small business entities: Medium
Home Users: Medium
Description: 

This security update addresses the following vulnerabilities:

  • An issue where the application could be exposed to a Use-After-Free Remote Code Execution vulnerability when opening an XFA file whose layout direction is set as "lr-tb".
  • An issue where the application could be exposed to a FlateDecode Use-After-Free Remote Code Execution vulnerability when parsing the inline image in certain PDF files [CVE-2016-6168].
  • A vulnerability where the application could be exposed to a Safe Mode Bypass Information Disclosure when handling SWF content that is embedded in a PDF file.
  • A vulnerability where the application could be exposed to a ConvertToPDF TIFF/BMP Parsing Out-of-Bounds Write Remote Code Execution when converting certain TIFF/BMP files to PDF files.
  • A vulnerability where the application could be exposed to a JPEG Parsing Out-of-Bounds Read Information Disclosure when converting a JPEG file that contains incorrect EXIF data to a PDF file.
  • A vulnerability where the application could be exposed to a JPEG Parsing Out-of-Bounds Read Information Disclosure when parsing a JPEG image with a corrupted color component in a PDF file.
  • A vulnerability where the application could be exposed to a Heap Buffer Overflow Remote Code Execution vulnerability when processing specially crafted TIFF files with large SamplesPerPixel values.
  • A security problem where the application could be exposed to a Stack Buffer Overflow Remote Code Execution vulnerability when parsing an unusually long GoToR string.
  • A security issue where the application could crash unexpectedly when parsing a PDF file that contains messy code in its image description.
  • A vulnerability where the application could be exposed to a Heap Overflow vulnerability when parsing the content of a PDF file containing incorrect Bezier data [CVE-2016-6169].
  • A security concern where the application could crash unexpectedly due to memory corruption or an invalid read when opening a specially crafted PDF file, which could be leveraged by attackers to execute a controlled crash.
  • A vulnerability where the application could still use a pointer after the object it pointed to had been removed, which could cause an application crash.
  • A vulnerability where the application could crash due to an error in parsing a malformed content stream.
  • A security problem where the application recursively called the format error of some PDFs, which led to no response when opening the PDF.
  • A security issue where the application did not parse the image content in the document normally.
  • A vulnerability where the destructor of the object whose generation number is -1 in the PDF file could release the file handle which had been imported by the application layer.
  • A security issue where XFA's underlying data failed to synchronize with that of PhantomPDF/Reader due to the re-layout of the underlying XFA.
  • A security concern where the application could call JavaScript to do Save As or Print when closing the document.
  • A security issue where the TimeOut function responded incorrectly and could cause the application to crash.
  • A vulnerability where the application could be exposed to a Font Parsing Use-After-Free Remote Code Execution.
  • A vulnerability where the application could be exposed to a Global setPersistent Use-After-Free Remote Code Execution.
  • A vulnerability where the application could be exposed to an XFA FormCalc Replace Integer Overflow.
  • A Remote Code Execution vulnerability due to a JBIG2 Out-of-Bounds Read.
  • A Microsoft Windows Gdiplus GpRuntime::GpLock::GpLock Use-After-Free Remote Code Execution vulnerability.
  • A DLL hijacking vulnerability when the application tries to load xpsp2res.dll or phoneinfo.dll.

Successful exploitation of these vulnerabilities could potentially allow an unauthenticated attacker to elevate privileges, take control of the affected system, or trigger a memory corruption condition by writing certain data to a shared memory region. An attacker can leverage this vulnerability to execute code under the context of SYSTEM.

Actions: 
  • After appropriate testing, install applicable updates provided by Foxit to the vulnerable systems.
  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
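
To find the systems that need the update, the Systems Affected list can be checked against a software inventory. The following is an added example, not part of this advisory or of Foxit's tooling; the inventory format, host names, installed versions and status labels are constructed assumptions. Versions are compared numerically per component, because plain string comparison ranks "7.10.0.1" below "7.3.4.311".

```python
import re

# Ceilings from the advisory's "Systems Affected" list: each listed version
# "and earlier" is affected, so only the highest per product/platform matters.
# The top Reader entry is written in the four-part form used for PhantomPDF.
LISTED = {
    ("foxit reader", "windows"): ["7.2.8.1124", "7.3.0.118", "7.3.4.311"],
    ("foxit phantompdf", "windows"): ["7.2.2.929", "7.3.0.118", "7.3.4.311"],
    ("foxit reader", "linux"): ["1.1.0.0225"],
}

def parse_version(text):
    """'7.3.4.311' -> (7, 3, 4, 311); None if the value is not dotted digits."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    return tuple(int(part) for part in text.split("."))

def ceiling(product, platform):
    """Highest affected version for a product/platform, or None if not listed."""
    versions = LISTED.get((product.lower(), platform.lower()))
    return max(map(parse_version, versions)) if versions else None

def triage(inventory_csv):
    """Classify 'host,product,platform,version' rows against the ceilings."""
    results = {}
    for row in inventory_csv.strip().splitlines():
        host, product, platform, version = (f.strip() for f in row.split(","))
        limit = ceiling(product, platform)
        installed = parse_version(version)
        if limit is None or installed is None:
            results[host] = "review"  # unlisted product or unreadable version
        else:
            results[host] = "affected" if installed <= limit else "not-affected"
    return results

# Constructed inventory rows (hypothetical hosts and installed versions).
SAMPLE = """
ws-01,Foxit Reader,Windows,7.3.4.311
ws-02,Foxit Reader,Windows,7.10.0.1
ws-03,Foxit PhantomPDF,Windows,8.0.0.0
lx-01,Foxit Reader,Linux,1.1.0.225
ws-04,Foxit Reader,Windows,unknown
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```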