This means that an attacker doesn’t even need to race a request to the FoxitProxyServer_Socket_RD.exe binary at all.
DRIVER FOXIT READER PDF PRINTER CODE
This gives an attacker executing code in a render tab a kind of race condition window, when the user attempts to print to PDF using the Foxit PDF Printer.Īfter more investigation into the issue, I later found out you can make calls to CreateDC API from some sandboxed processes to get a printer device context and then later create a print job with the default printer. Once a request is made, it closes the port and terminates execution. That brief second is due to the server listening on localhost port 50000 by default and accepting only a single request. This essentially means that the FoxitProxyServer_Socket_RD.exe binary will be started, at medium integrity for a brief second. Once Foxit Reader is installed, the Foxit PDF Printer is the default printer used for handling print jobs. The PDF Printer is a relatively undocumented feature within Foxit Reader and is primarily used to handle print requests to a PDF file from any application.
At the time, this was of course the latest version. I tested version 9.3.0.912 of Foxit Reader with SHA1 of the FoxitProxyServer_Socket_RD.exe binary being: 0e1554311ba8dc04c18e19ec144b02a22b118eb7. TL DR I walk through the attack vector, analysis and exploitation of CVE-2018-20310 which is a stack based buffer overflow in the PDF Printer when sending a specially crafted proxyDoAction request. To my (un)surprise, I was able to discover several vulnerabilities in this component that could allow for a limited elevation of privilege, one being particularly nasty. In the spirit of catching foxes, I decided to look at a new component in Foxit Reader later in that same year. Then, as the second installment I blogged about a command injection in Foxit Reader SDK ActiveX. It also comes with several collaborative work tools, version control, and a note system that can be used by several users.Mid last year, I blogged about how I found an exploitable use-after-free in Foxit Reader and how I was able to gain remote code execution from that vulnerability. Other Foxit Reader features worth pointing out include its social options, as it comes with a tool that integrates Twitter, Facebook, Evernote, and Microsoft SharePoint.
It also lets you take notes on the documents, underline texts, and draw on the PDF pages.Īpart from being able to carry out modifications in documents which have already been created, it allows you to create PDF files from scratch, allowing you to create them based on other compatible text document, from scanned documents, and from the clipboard. It is fully compatible with just about all files read by Adobe's proprietary software, except for PDX.įoxit Reader includes a multimedia player that can process all media files embedded in PDF documents, a common occurrence in many e-books a magnifying glass to better see details in pages, and a feature that allows you to use automatic scroll. Use Foxit Reader's tabs to open several documents at the same time, and the bookmark system to quickly access a specific part of the txt. Plus, it offers better performance than Adobe Reader when it comes to loading documents and viewing them in a way that flows naturally.
DRIVER FOXIT READER PDF PRINTER SERIES
Foxit Reader is a PDR reader that comes with a series of innovative features that make working with these documents much easier.
0 kommentar(er)
