22 Jun 2009
Foxit Reader JPEG2000/JBIG Decoder Add-On 2.x
This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.
Will Dormann has discovered a vulnerability in the JPEG2000/JBIG Decoder add-on for Foxit Reader, which can be exploited by malicious people to potentially compromise a user's system.
The vulnerability is caused due to an error when parsing boxes in a JPEG 2000 stream and can be exploited to cause a heap-based buffer overflow via a PDF file containing a specially crafted JPEG 2000 image.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is confirmed in version 2.0 Build 2009.303. Other versions may also be affected.
Update to version 2.0 Build 2009.616.
Will Dormann, CERT/CC.