CVE-2016-8878 - OpenCVE

Out-of-Bounds read vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to execute arbitrary code via a crafted BMP image embedded in the XFA stream in a PDF document, aka "Data from Faulting Address may be used as a return value starting at FOXITREADER."

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Foxitsoftware	Phantompdf Reader

Configuration 1 [-]

OR	cpe:2.3:a:foxitsoftware:phantompdf::::::windows::*
	cpe:2.3:a:foxitsoftware:reader::::::windows::*

References

Link	Resource
http://www.securityfocus.com/bid/93608	Third Party Advisory VDB Entry
https://www.foxitsoftware.com/support/security-bulletins.php	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2016-10-31T10:00:00

Updated: 2016-11-25T19:57:01

Reserved: 2016-10-21T00:00:00

Link: CVE-2016-8878

JSON object: View

NVD Information

Status : Analyzed

Published: 2016-10-31T10:59:14.007

Modified: 2016-11-29T19:27:55.993

Link: CVE-2016-8878

JSON object: View

Redhat Information

No data.

CWE

CWE-125

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-10-31T00:00:00", "descriptions": [{"lang": "en", "value": "Out-of-Bounds read vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to execute arbitrary code via a crafted BMP image embedded in the XFA stream in a PDF document, aka \"Data from Faulting Address may be used as a return value starting at FOXITREADER.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-11-25T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "93608", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/93608"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.foxitsoftware.com/support/security-bulletins.php"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-8878", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Out-of-Bounds read vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to execute arbitrary code via a crafted BMP image embedded in the XFA stream in a PDF document, aka \"Data from Faulting Address may be used as a return value starting at FOXITREADER.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "93608", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93608"}, {"name": "https://www.foxitsoftware.com/support/security-bulletins.php", "refsource": "CONFIRM", "url": "https://www.foxitsoftware.com/support/security-bulletins.php"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-8878", "datePublished": "2016-10-31T10:00:00", "dateReserved": "2016-10-21T00:00:00", "dateUpdated": "2016-11-25T19:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:foxitsoftware:phantompdf:*:*:*:*:*:windows:*:*", "matchCriteriaId": "A3E2E5C8-6D6E-404F-87D0-B3F8DB72C9BE", "versionEndIncluding": "8.0.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:foxitsoftware:reader:*:*:*:*:*:windows:*:*", "matchCriteriaId": "67E21136-133D-46B7-B163-E648DF9B9F1B", "versionEndIncluding": "8.0.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Out-of-Bounds read vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to execute arbitrary code via a crafted BMP image embedded in the XFA stream in a PDF document, aka \"Data from Faulting Address may be used as a return value starting at FOXITREADER.\""}, {"lang": "es", "value": "Vulnerabilidad de lectura fuera de l\u00edmites en Foxit Reader y PhantomPDF en versiones anteriores a 8.1 en Windows, cuando se habilita la aplicaci\u00f3n gflags, permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de una imagen BMP manipulada incrustada en el flujo XFA en un documento PDF, vulnerabilidad tambi\u00e9n conocida como \"Data de Faulting Address puede ser usada como un valor de retorno a partir de FOXITREADER\"."}], "id": "CVE-2016-8878", "lastModified": "2016-11-29T19:27:55.993", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-10-31T10:59:14.007", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/93608"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.foxitsoftware.com/support/security-bulletins.php"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}