
====================================================================

                             CERT-Renater

                 Information Note No. 2020/VULN467
_____________________________________________________________________

DATE                : 24/08/2020

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Foxit Studio Photo versions prior
                     to 3.6.6.928.

=====================================================================
https://www.foxitsoftware.com/support/security-bulletins.html
_____________________________________________________________________

Security update available in Foxit Studio Photo 3.6.6.928

Release date: August 21, 2020

Platform: Windows


Summary

Foxit has released Foxit Studio Photo 3.6.6.928, which addresses
potential security and stability issues.


Affected versions

Product                   Affected versions               Platform

Foxit Studio Photo       3.6.6.927 and earlier            Windows


Solution

Update Foxit Studio Photo to the latest version by following the
instructions below.

    Download the updated version of Foxit Studio Photo from the Foxit
    website.


Vulnerability details

Brief
	
Addressed potential issues where the application could be exposed to an
Out-of-Bounds Write Information Disclosure vulnerability and crash if
users were using a tampered PSD file. The specific flaw exists within
the handling of PSD files. The issue results from the lack of proper
validation of user-supplied data, which can result in a write past the
end of an allocated structure. An attacker can leverage this
vulnerability to execute code in the context of the current process
(CVE-2020-17403/CVE-2020-17404).


Acknowledgement	

Mat Powell of Trend Micro Zero Day Initiative
Pengsu Cheng of Trend Micro Security Research working with Trend Micro’s
Zero Day Initiative


For more information, please contact the Foxit Security Response Team at
[email protected].


=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================




