29 lines
No EOL
1.9 KiB
Text
29 lines
No EOL
1.9 KiB
Text
# Exploit Title: Foxit Reader 5.4.3.* - 5.4.5.0124 - PDF (Portable Document Format) XREF (Cross Reference Table) parsing Denial of Service Vulnerability
|
|
# Date (found): 2012.11.17
|
|
# Date (publish): 2013.04.17
|
|
# Exploit Author: FuzzMyApp
|
|
# Vendor Homepage: http://www.foxitsoftware.com
|
|
# Version: 5.4.3.* - 5.4.5.0124 (till latest)
|
|
# Tested on: Windows XP SP3 Professional Edition
|
|
|
|
Name:PDF Cross Reference Table parsing Denial of Service vulnerability.
|
|
Type:DoS
|
|
Description:Foxit Reader does not validate data in PDF Cross Reference Table (XREF) header properly. Tampering with XREF header may lead to integer division by zero exception during its parsing by the application. Raised, not handled, exception causes Denial of Service of Foxit Reader. Vendor was notified on 2013.02.21 but has not responded to this submission. This issue is present in the latest version of application avaiable at the time of writing.
|
|
Exception:Integer division by zero exception.
|
|
Disasm:0055EB70 |> \33C0 |XOR EAX,EAX
|
|
0055EB72 |> 8B28 |MOV EBP,DWORD PTR DS:[EAX]
|
|
0055EB74 |. 896C24 64 |MOV DWORD PTR SS:[ESP+64],EBP
|
|
0055EB78 |. 8D3C2E |LEA EDI,DWORD PTR DS:[ESI+EBP]
|
|
0055EB7B |. 3BFE |CMP EDI,ESI
|
|
0055EB7D |. 897C24 20 |MOV DWORD PTR SS:[ESP+20],EDI
|
|
0055EB81 |. 0F82 7F020000 |JB Foxit_Re.0055EE06
|
|
0055EB87 |. 83C8 FF |OR EAX,FFFFFFFF
|
|
0055EB8A |. 33D2 |XOR EDX,EDX
|
|
0055EB8C |. F7F7 |DIV EDI ; [www.FuzzMyApp.com] Integer division by zero exception
|
|
0055EB8E |. 394424 3C |CMP DWORD PTR SS:[ESP+3C],EAX
|
|
0055EB92 |. 0F83 6E020000 |JNB Foxit_Re.0055EE06
|
|
|
|
Advisory: http://www.fuzzmyapp.com/advisories/FMA-2012-042/FMA-2012-042-EN.xml
|
|
|
|
Exploit PoC: http://fuzzmyapp.com/advisories/FMA-2012-042/FMA-2012-042.pdf
|
|
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/24962.pdf |