Foxit PDF Reader Stack Buffer Overflow Vulnerability in Title Field

A stack-based buffer overflow vulnerability has been identified in Foxit PDF Reader versions prior to 4.2.0.0928. The issue arises because the application does not properly validate the length of the Title string in the PDF Info dictionary. This flaw can be exploited by crafting a PDF with an excessively long Title, which overflows a fixed-size stack buffer. The overflow corrupts the Structured Exception Handler (SEH) chain, potentially allowing arbitrary code execution in the context of the user opening the file.

Impact

Exploitation of this vulnerability leads to a stack-based buffer overflow, causing an overwrite of the Structured Exception Handler (SEH) chain. This manipulation can be leveraged to execute arbitrary code.

Reproduction

The vulnerability can be reproduced by creating a PDF file that includes a Title entry in the Info dictionary with a string that exceeds the maximum allowed length. When this malformed PDF is opened in Foxit PDF Reader version 4.1.1, the application will crash, and the exploit can be observed by using a debugger to check the state of the SEH chain.

Remediation

Users are advised to update to Foxit PDF Reader version 4.2.0.0928 or later, where this vulnerability has been patched.