CVE-2010-20010

EUVD-2010-5306
Foxit PDF Reader before 4.2.0.0928 does not properly bound-check the /Title entry in the PDF Info dictionary. A specially crafted PDF with an overlong Title string can overflow a fixed-size stack buffer, corrupt the Structured Exception Handler (SEH) chain, and lead to arbitrary code execution in the context of the user who opens the file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
VulnCheckCNA
8.4 HIGH
LOCAL
LOW
NONE
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
foxitpdf_reader
𝑥
< 4.2.0.928
CNA
Common Weakness Enumeration
References
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/foxit_title_bof.rb
https://www.exploit-db.com/exploits/15514/
https://www.exploit-db.com/exploits/15532
https://www.exploit-db.com/exploits/16621
https://www.foxit.com/pdf-reader/version-history.html
https://www.vulncheck.com/advisories/foxit-pdf-reader-title-stack-buffer-overflow