Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Foxit Reader Plugin Stack-Based Buffer Overflow Vulnerability Allowing Remote Code Execution

Vulnerability

A stack-based buffer overflow vulnerability has been identified in the Foxit Reader Plugin, specifically in the npFoxitReaderPlugin.dll module, version 2.2.1.530. This vulnerability is present in Foxit Reader version 5.4.4.11281. The issue arises when a PDF file is loaded from a remote host, and an overly long query string in the URL exceeds the buffer capacity. This overflow can be exploited by remote attackers to execute arbitrary code.

Impact

Exploitation of this vulnerability leads to a stack-based buffer overflow, allowing for arbitrary code execution on the affected system.

Reproduction

The vulnerability can be reproduced by sending a crafted URL with an excessively long query string to a system with the vulnerable Foxit Reader Plugin installed. The URL must be processed by Firefox, specifically version 18.0, on a Windows 7 SP1 environment. When the PDF file is accessed, the buffer overflow occurs, overwriting stack pointers and causing an access violation exception.

Remediation

Users are advised to upgrade to Foxit Reader version 5.4.5.0114 and install the latest Firefox Plugin via the internal update mechanism.
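To check whether hosts received such URLs before the upgrade, proxy or web logs can be searched for PDF requests that carry an unusually long query string. The following is an added example, not part of the original advisory or of any Foxit tooling. The log format, the sample lines, the function name and the 256-character threshold are assumptions; the advisory does not state the buffer size, so tune the threshold to your own traffic.

```python
import re
from urllib.parse import urlsplit

# Assumption: a tuning threshold for this example, NOT the plugin's real
# buffer size (the advisory does not give one).
MAX_QUERY_LEN = 256

# Request field of a combined-log-style line: "METHOD URL PROTOCOL"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_pdf_requests(log_lines, max_query_len=MAX_QUERY_LEN):
    """Return (line_no, host, path, query_len) for each PDF request whose
    query string is longer than max_query_len."""
    hits = []
    for line_no, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # skip lines that are not recognisable requests
        url = urlsplit(match.group(1))
        # The advisory's trigger is a PDF loaded from a remote host, so only
        # PDF paths are considered (case-insensitive extension match).
        if not url.path.lower().endswith(".pdf"):
            continue
        if len(url.query) > max_query_len:
            hits.append((line_no, url.netloc, url.path, len(url.query)))
    return hits


# Constructed sample proxy log lines (hosts and values are made up).
SAMPLE_LOG = [
    '10.0.0.5 - - [05/Aug/2025:20:35:01 +0000] '
    '"GET http://docs.example.test/report.pdf?page=2 HTTP/1.1" 200 48213',
    '10.0.0.7 - - [05/Aug/2025:20:36:12 +0000] '
    '"GET http://files.example.test/a.PDF?x=' + "1" * 1024 + ' HTTP/1.1" 200 1033',
    '10.0.0.7 - - [05/Aug/2025:20:36:40 +0000] '
    '"GET http://files.example.test/index.html?q=' + "2" * 1024 + ' HTTP/1.1" 200 512',
    'malformed line without a request field',
]

if __name__ == "__main__":
    for hit in suspicious_pdf_requests(SAMPLE_LOG):
        print("line %d: host=%s path=%s query_len=%d" % hit)
```

A hit only shows that a long PDF URL was requested; confirm the installed Foxit Reader and plugin versions on the client before treating it as an incident.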

Added: Aug 5, 2025, 8:35 PM
Updated: Aug 5, 2025, 10:22 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 8.1
remediation: 7.7
relevance: 0.3
threat: 9.2
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.