Foxit Products GIF Conversion - 'LZWMinimumCodeSize' Memory Corruption

EDB-ID:

36334

CVE:

2015-2790

EDB Verified:

Author:

Francis Provencher

Type:

dos

Exploit:   /  

Platform:

Windows

Date:

2015-03-11

Vulnerable App: 
#####################################################################################

Application:   Foxit Products GIF Conversion Memory Corruption Vulnerabilities (LZWMinimumCodeSize)

Platforms:   Windows

Versions:   The vulnerability is confirmed in version Foxit Reader 7.x. Other versions may also be affected.

Secunia:   SA63346

{PRL}:   2015-01

Author:   Francis Provencher (Protek Research Lab’s)

Website:   http://www.protekresearchlab.com/

Twitter:   @ProtekResearch

#####################################################################################

1) Introduction
2) Report Timeline
3) Technical details
4) POC

#####################################################################################

===============
1) Introduction
===============

 

Foxit Reader is a multilingual freemium PDF tool that can create, view, edit, digitally sign, and print PDF files.[3] Early versions of Foxit Reader were notable for startup performance and small file size.[citation needed] Foxit has been compared favorably toAdobe Reader.[4][5][6] The Windows version allows annotating and saving unfinished PDF forms, FDF import/export, converting to text, highlighting and drawing.

(http://en.wikipedia.org/wiki/Foxit_Reader)

#####################################################################################

============================
2) Report Timeline
============================

2015-02-17: Francis Provencher from Protek Research Lab’s found the issue;
2015-02-21: Foxit Security Response Team confirmed the issue;
2015-02-21: Foxit fixed the issue;
2015-03-09: Foxit released fixed version of Foxit Reader 7.1/Foxit Enterprise Reader 7.1/Foxit PhantomPDF7.1.

#####################################################################################

============================
3) Technical details
============================

An error when handling LZWMinimumCodeSize can be exploited to cause memory corruption via a specially crafted GIF file.

#####################################################################################

===========

4) POC

===========

http://protekresearchlab.com/exploits/PRL-2015-01.gif
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/36334.gif


###############################################################################
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services