Foxit Reader v4.1.1 Stack Overflow Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Foxit Reader v4.1.1 Stack Overflow Vulnerability
# Published : 2010-11-13
# Author : dookie
# Previous Title : IBM OmniFind Buffer Overflow Vulnerability
# Next Title : Camtron CMNC-200 IP Camera Denial of Service Vulnerability

Foxit Reader 4.1.1 is subject to a stack overflow vulnerability when parsing overly long unicode titles resulting in a SEH overwrite.
The included PoC results in a SEH overwrite. The exception must be passed twice in order to reach the overwritten handler.
This vulnerability was reported to the vendor and was patched in Foxit Reader 4.2.

https://www.exploit-db.com/sploits/foxit_411_poc.pdf