Published: 2012-09-28  Updated: 2012-10-10

Affected systems:
Foxit Reader

Description:
--------------------------------------------------------------------------------
BUGTRAQ ID: 55734

Foxit Reader is a lightweight PDF viewer and printing program.

Foxit Reader 5.4.3.0920 and other versions contain a denial-of-service vulnerability in PDF document handling that allows a remote attacker to crash the affected application.

<*Source: coolkaveh *>

Test method:
--------------------------------------------------------------------------------

Warning: the following program (method) may be offensive in nature and is intended only for security research and teaching. Use at your own risk!

Title   : Foxit Reader suffers from Division By Zero
Version : 5.4.3.0920
Date    : 2012-09-28
Vendor  : http://www.foxitsoftware.com/
Impact  : Med/High
Contact : coolkaveh [at] rocketmail.com
Twitter : @coolkaveh
Tested  : XP SP3
#####################################################################
Bug :
----
A division-by-zero vulnerability during the handling of PDF files that will trigger a denial-of-service condition.
#####################################################################
(b34.f24): Integer divide-by-zero - code c0000094 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=ffffffff ebx=00000000 ecx=00000000 edx=00000000 esi=00000000 edi=00000000
eip=00558c8c esp=0012f928 ebp=00000000 iopl=0         nv up ei pl zr na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010246
*** ERROR: Module load completed but symbols could not be loaded for FoxitReader_Lib_Full.exe
FoxitReader_Lib_Full+0x158c8c:
00558c8c f7f7            div     eax,edi
0:000> r;!exploitable -v;q
eax=ffffffff ebx=00000000 ecx=00000000 edx=00000000 esi=00000000 edi=00000000
eip=00558c8c esp=0012f928 ebp=00000000 iopl=0         nv up ei pl zr na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010246
FoxitReader_Lib_Full+0x158c8c:
00558c8c f7f7            div     eax,edi
HostMachine\HostUser
Executing Processor Architecture is x86
Debuggee is in User Mode
Debuggee is a live user mode debugging session on the local machine
Event Type: Exception
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for ntdll.dll -
Exception Faulting Address: 0x558c8c
First Chance Exception Type: STATUS_INTEGER_DIVIDE_BY_ZERO (0xC0000094)
Faulting Instruction:00558c8c div eax,edi
Basic Block:
    00558c8c div eax,edi
       Tainted Input Operands: ax, dx, eax, edi
    00558c8e cmp dword ptr [esp+3ch],eax
       Tainted Input Operands: eax
    00558c92 jae foxitreader_lib_full+0x158f06 (00558f06)
       Tainted Input Operands: CarryFlag
Exception Hash (Major/Minor): 0x6461647c.0x64616453
Stack Trace:
FoxitReader_Lib_Full+0x158c8c
Instruction Address: 0x0000000000558c8c
Description: Integer Divide By Zero
Short Description: DivideByZero
Recommended Bug Title: Integer Divide By Zero starting at FoxitReader_Lib_Full+0x0000000000158c8c (Hash=0x6461647c.0x64616453)
#####################################################################
Proof of concept .pdf included: http://www.exploit-db.com/sploits/21645.pdf

Recommendation:
--------------------------------------------------------------------------------
Vendor patch:

Foxit
-----
The vendor has not yet released a patch or upgrade. Users of this software are advised to watch the vendor's homepage for the latest version:
http://www.foxitsoft.com/wac/server_intro.php
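As an added example (not part of the advisory or of any Foxit code), a small crash-triage script that parses the WinDbg register dump and faulting instruction shown above and confirms what the !exploitable verdict claims: the divisor register (edi) holds zero at the faulting div. The sample log text is copied from the advisory's session; the regexes assume WinDbg's standard x86 'r' and disassembly layout.

```python
import re

# Constructed sample: register dump and faulting instruction copied from the advisory's WinDbg session.
CRASH_LOG = """\
(b34.f24): Integer divide-by-zero - code c0000094 (first chance)
eax=ffffffff ebx=00000000 ecx=00000000 edx=00000000 esi=00000000 edi=00000000
eip=00558c8c esp=0012f928 ebp=00000000 iopl=0         nv up ei pl zr na pe nc
FoxitReader_Lib_Full+0x158c8c:
00558c8c f7f7            div     eax,edi
"""

# x86 general-purpose registers as printed by the WinDbg 'r' command.
REG_RE = re.compile(r"\b(e[abcd]x|e[sd]i|e[bs]p|eip)=([0-9a-f]{8})\b")
# Disassembly line: <address> <opcode bytes> div|idiv <dividend>,<divisor>
INSN_RE = re.compile(r"^([0-9a-f]{8})\s+[0-9a-f]+\s+(i?div)\s+(\w+),(\w+)\s*$", re.M)
# Exception code from the "(pid.tid): ... - code XXXXXXXX" banner line.
CODE_RE = re.compile(r"code ([0-9a-f]{8})")


def parse_registers(log):
    """Map register name -> integer value from the 'r' output."""
    return {name: int(val, 16) for name, val in REG_RE.findall(log)}


def triage_div_fault(log):
    """Check whether the faulting div/idiv really divides by a register holding zero.

    Returns None when the log contains no div instruction.
    """
    m = INSN_RE.search(log)
    if m is None:
        return None
    addr, mnemonic, dividend_reg, divisor_reg = m.groups()
    regs = parse_registers(log)
    divisor = regs.get(divisor_reg)
    code = CODE_RE.search(log)
    # For a 32-bit div the dividend is edx:eax; WinDbg lists only eax as the first operand.
    if dividend_reg == "eax":
        dividend = (regs.get("edx", 0) << 32) | regs.get("eax", 0)
    else:
        dividend = regs.get(dividend_reg)
    return {
        "eip": int(addr, 16),
        "mnemonic": mnemonic,
        "dividend": dividend,
        "divisor_reg": divisor_reg,
        "divisor_value": divisor,
        "div_by_zero": divisor == 0,
        "exception_code": code.group(1) if code else None,
    }


if __name__ == "__main__":
    print(triage_div_fault(CRASH_LOG))
```

The check is purely a consistency test on the crash record: a div fault whose divisor register is non-zero would point at a different cause (for example a signed-overflow idiv) and deserve a second look.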