====================================================================
                          CERT-Renater

               Information Note No. 2016/VULN398
_____________________________________________________________________

DATE                 : 24/11/2016

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Systems running Foxit Reader, Foxit PhantomPDF
                       versions prior to 8.1.1.

=====================================================================
https://www.foxitsoftware.com/support/security-bulletins.php
_____________________________________________________________________

Security updates available in Foxit Reader 8.1.1 and Foxit PhantomPDF 8.1.1

Release date: November 17, 2016
Platform: Windows

Summary

Foxit has released Foxit Reader 8.1.1 and Foxit PhantomPDF 8.1.1, which
address potential security and stability issues.

Affected versions

Product            Affected versions         Platform
Foxit Reader       8.1.0.1013 and earlier    Windows
Foxit PhantomPDF   8.1.0.1013 and earlier    Windows

Solution

Update your applications to the latest versions by following one of the
instructions below.

 - From the “Help” tab of Foxit Reader or Foxit PhantomPDF, click on
   “Check for Updates” and update to the latest version.
 - Click here to download the updated version of Foxit Reader from our
   website.
 - Click here to download the updated version of Foxit PhantomPDF from
   our website. Note that purchasing a license may be necessary to use
   PhantomPDF beyond the trial period.

Vulnerability details

Brief:           Addressed potential issues where the application could
                 be exposed to a JPEG2000 Parsing Out-of-Bounds Read
                 vulnerability, which could lead to information
                 disclosure.
Acknowledgement: Gogil of STEALIEN working with Trend Micro's Zero Day
                 Initiative

Brief:           Addressed a potential issue where the application could
                 be exposed to a JPEG2000 Parsing Use-After-Free
                 vulnerability, which could be leveraged by attackers to
                 execute remote code.
Acknowledgement: Gogil of STEALIEN working with Trend Micro's Zero Day
                 Initiative

Brief:           Addressed a potential issue where the application could
                 be exposed to a JPEG2000 Parsing Heap-Based Buffer
                 Overflow vulnerability, which could be exploited by
                 attackers to execute remote code.
Acknowledgement: Gogil of STEALIEN working with Trend Micro's Zero Day
                 Initiative

For more information, please contact the Foxit Security Response Team at
security-ml@foxitsoftware.com.

==========================================================
CERT-Renater reference server
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================