Foxit Reader (may be) vulnerable

I came across this today, a Multiple Vendor PDF Document Catalog Handling Vulnerability over at MOAB. I was curious, so I decided to check it out and download the POC exploit code. The document failed to open on my Windows XP workstation using Foxit Reader version 2.0 build 0922. I ran it through Visual C++ Express to see what I can get from debugging it, (unfortunately not much due to not having Foxit source code or the symbols) and got this:

First-chance exception at 0x0042a266 in FoxitReader.exe: 0xC00000FD: Stack overflow. Unhandled exception at 0x0042a266 in FoxitReader.exe: 0xC00000FD: Stack overflow.

I'll post updates as they become available.

Posted by Marcin on Monday, January 8, 2007 in Security.