Foxit Reader and PhantomPDF ConvertToPDF Integer Overflow

Strike ID: E20-158s1
CVSS: 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
False Positive: f
Variants: 1
Year: 2020

Description

This strike exploits an integer overflow vulnerability reported in Foxit Reader and PhantomPDF. The vulnerability is due to improper parsing of image files within memory. A remote attacker could exploit it by enticing a victim to visit a malicious web page or open a crafted image file. Successful exploitation could allow the attacker to execute arbitrary code in the security context of the user.

CVE

References

Metasploit

Zdi