Intrusion Prevention

Foxit.Reader.Font.Format.Buffer.Overflow

Description

This indicates an attack attempt to exploit a remote code-execution vulnerability
in Foxit Reader.
The vulnerability is due to the vulnerable software's inability to properly handle malformed Compact Font Format (CFF) data within a PDF document. It can be exploited via a crafted PDF file, leading to remote code execution.

Affected Products

Foxit Reader version 4.1.0.0726
Windows Vista Ultimate - sp0 (i386)
Foxit Reader version 4.1.0.0726
Windows Vista Ultimate - sp1 (i386)
Foxit Reader version 4.1.0.0726
Windows Vista Ultimate - sp2 (i386)
Foxit Reader version 4.1.0.0726
Windows XP Professional - sp2 (i386)
Foxit Reader version 4.1.0.0726
Windows XP Professional - sp3 (i386)
Foxit Reader version 4.1.0.0726

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Refer to the vendor's website for the suggested workaround:
http://www.foxitsoftware.com/pdf/reader/security_bulletins.php#iphone