08/05/21 18:22:02 hDcJNaHG0
URLリンク(secunia.com)
4) Description of Vulnerability
Secunia Research has discovered a vulnerability in Foxit Reader, which
can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error when parsing
format strings containing a floating point specifier in the
"util.printf()" JavaScript function. This can be exploited to cause a
stack-based buffer overflow via a specially crafted PDF file.
Successful exploitation allows execution of arbitrary code.
======================================================================
5) Solution
The vulnerability is fixed in upcoming version 2.3 build 2912.
======================================================================
6) Time Table
23/04/2008 - Vendor notified.
08/05/2008 - Vendor notified again.
08/05/2008 - Vendor response.
20/05/2008 - Public disclosure.