
Just a sample of the Echomail archive

Cooperative anarchy at its finest, still active today. Darkrealms is the Zone 1 Hub.

   WIN95      Chat about Windows 95, 98, ME systems      13,597 messages   


   Message 12,682 of 13,597   
   mark lewis to all   
   400 million Foxit users need to catch up   
   01 Jul 16 15:24:54   
   
   http://www.theregister.co.uk/2016/07/01/foxit_patches_756/   
      
   ===== snip =====   
      
   Makers of popular PDF reader Foxit have patched 12 dangerous vulnerabilities   
   that could have resulted in remote code execution.   
      
   Some 400 million users run the flagship reader billed as an alternative to
   Adobe Reader. The dozen flaws
   ( http://www.zerodayinitiative.com/advisories/published/ ) are patched in
   Windows and Linux variants.
      
   Users would need to be conned into opening a malicious PDF with Foxit Reader   
   or PhantomPDF in order to be compromised using the vulnerabilities.   
      
   Seven of the patched holes allowed direct remote code execution while the   
   remainder required chaining with other flaws to achieve the level of   
   compromise.   
      
   Foxit listed six of the flaws in an advisory.   
      
   Version 8 of Reader and PhantomPDF plug the flaws:   
      
     * ConvertToPDF TIFF Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
     * ConvertToPDF BMP Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
     * ConvertToPDF GIF Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
     * JPEG Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
     * JPEG Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
     * ConvertToPDF TIFF Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
     * exportData Restrictions Bypass Remote Code Execution Vulnerability
     * Safe Mode Bypass Information Disclosure Vulnerability
     * FlateDecode Use-After-Free Remote Code Execution Vulnerability
     * Pattern Uninitialized Pointer Remote Code Execution Vulnerability
     * FlateDecode Use-After-Free Remote Code Execution Vulnerability
     * GoToR action Stack Buffer Overflow Remote Code Execution Vulnerability
      
   (R)   
      
   ===== snip =====   
      
   )\/(ark   
      
   Always Mount a Scratch Monkey   
      
   ... Designed for dumbasses with lots of disposable income who believe ads.   
   ---   
    * Origin:  (1:3634/12.73)   



(c) 1994,  bbs@darkrealms.ca