CVE-2020-15629

7.8 HIGH

📋 TL;DR

A memory corruption flaw in the TIF file parser of Foxit Studio Photo lets an attacker execute arbitrary code with the privileges of the user running the application. The affected build is 3.6.6.922. User interaction is required: the victim has to open a crafted TIF file, or visit a web page that hands one to the application.

💻 Affected Systems

Products:
  • Foxit Studio Photo
Versions: 3.6.6.922
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: User interaction required (opening malicious TIF file or visiting malicious page).

📦 What is this software?

Foxit Studio Photo is Foxit Software's photo-editing application for Windows. It opens and renders image formats, TIF among them, and the TIF parser is where this flaw lies.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Code execution as the current user, followed by credential theft, ransomware or a second-stage implant and lateral movement from that workstation. If the user runs with administrative rights, the host is fully compromised in one step.

🟠

Likely Case

A targeted phishing mail or drive-by download carrying a crafted TIF; the payload runs with the victim's privileges and is used to steal files, drop ransomware or establish persistence on that workstation.

🟢

If Mitigated

With the vendor patch applied the flaw is gone. Workarounds only reduce the chance that a crafted file reaches the parser (a user can still open one from inside the application via File > Open); an exploit that fails on a hardened or unexpected build typically produces only an application crash.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation needs user interaction (the victim opens the file) but no authentication or prior access. The parser does not validate the attacker-controlled fields it reads from the TIF, so a single crafted file is the entire delivery mechanism.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to version 3.6.6.923 or later

Vendor Advisory: https://www.foxitsoftware.com/support/security-bulletins.html

Restart Required: Yes

Instructions:

1. Open Foxit Studio Photo.
2. Go to Help > Check for Updates.
3. Follow the prompts to install the latest version.
4. Restart the application.

🔧 Temporary Workarounds

Disable TIF file association

Platform: Windows

Stop Foxit Studio Photo from being the default handler for .tif and .tiff, so a double-clicked or browser-launched TIF no longer lands in the vulnerable parser. This only removes the automatic path: a user can still open the file from inside the application via File > Open.

Control Panel > Default Programs > Associate a file type or protocol with a program > Select .tif (repeat for .tiff) > Change program > Choose another application
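The following script, added here as an example and not part of the advisory or Foxit's own tooling, reports which program Windows will launch for .tif and .tiff so the association change made in the dialog above can be verified on a fleet. It assumes the application executable is named FoxitStudioPhoto.exe (the name the Detection section uses) and that a per-user UserChoice key, when present, overrides the machine-wide HKCR default.

```powershell
# Added example (not from the advisory): show the current handler for an extension.
# Assumptions: executable name FoxitStudioPhoto.exe; per-user UserChoice wins over HKCR.
function Get-ExtensionHandler {
    param([Parameter(Mandatory)][string]$Extension)   # e.g. '.tif'

    # Per-user choice (what the Default Programs dialog writes) takes precedence.
    $userChoice = Get-ItemProperty `
        -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice" `
        -ErrorAction SilentlyContinue
    $progId = $userChoice.ProgId

    # Fall back to the machine-wide default ProgID registered for the extension.
    if (-not $progId) {
        $progId = (Get-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\$Extension" `
            -ErrorAction SilentlyContinue).'(default)'
    }
    if (-not $progId) {
        return [pscustomobject]@{ Extension = $Extension; ProgId = $null; Command = $null }
    }

    # Resolve the ProgID to the command line Explorer would run.
    $cmd = (Get-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\$progId\shell\open\command" `
        -ErrorAction SilentlyContinue).'(default)'
    [pscustomobject]@{ Extension = $Extension; ProgId = $progId; Command = $cmd }
}

foreach ($ext in '.tif', '.tiff') {
    $h = Get-ExtensionHandler -Extension $ext
    $flag = if ($h.Command -match 'FoxitStudioPhoto\.exe') { 'STILL OPENS IN FOXIT STUDIO PHOTO' } else { 'ok' }
    Write-Output ("{0} -> {1} [{2}] {3}" -f $h.Extension, $h.ProgId, $h.Command, $flag)
}
```

The script only reads the association; on Windows 8 and later the UserChoice key is protected by a hash, so the change itself has to be made through the Default Programs dialog (or a deployed default-associations XML), after which this check confirms it took effect for the logged-on user.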

Use application whitelisting

Platform: all

Use AppLocker or Windows Defender Application Control (or the equivalent on other platforms) so that only approved executables may run. This does not stop code running inside the exploited FoxitStudioPhoto.exe process itself, but it blocks the dropped second-stage binary that a typical payload relies on.

🧯 If You Can't Patch

  • Block TIF files at the network perimeter (mail gateway, web proxy). Match on content (the TIFF header bytes II*\0 or MM\0*) as well as on the .tif/.tiff extension, since a renamed file is still a TIF to the parser.
  • Tell users not to open TIF files from untrusted sources and to report unexpected image attachments.
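An added example, not from the advisory, of the content-based check a perimeter or quarantine filter needs: it recognises a TIFF by its 4-byte header regardless of file name, so a crafted file renamed to .jpg or .dat is still caught. The sample headers are constructed inline; the directory scan at the end is a hypothetical use against a quarantine folder whose path is made up.

```powershell
# Added example (not from the advisory): detect TIFF by magic bytes, not by extension.
function Test-TiffContent {
    param([Parameter(Mandatory)][byte[]]$Bytes)
    if ($Bytes.Length -lt 4) { return $false }
    # Little-endian TIFF starts "II" 0x2A 0x00; big-endian TIFF starts "MM" 0x00 0x2A.
    $le = ($Bytes[0] -eq 0x49 -and $Bytes[1] -eq 0x49 -and $Bytes[2] -eq 0x2A -and $Bytes[3] -eq 0x00)
    $be = ($Bytes[0] -eq 0x4D -and $Bytes[1] -eq 0x4D -and $Bytes[2] -eq 0x00 -and $Bytes[3] -eq 0x2A)
    return ($le -or $be)
}

function Test-TiffFile {
    param([Parameter(Mandatory)][string]$Path)
    # Read only the header. PowerShell 7+ uses -AsByteStream, Windows PowerShell 5.1 -Encoding Byte.
    if ($PSVersionTable.PSVersion.Major -ge 6) {
        $head = Get-Content -LiteralPath $Path -AsByteStream -TotalCount 4
    } else {
        $head = Get-Content -LiteralPath $Path -Encoding Byte -TotalCount 4
    }
    Test-TiffContent -Bytes ([byte[]]$head)
}

# Constructed sample headers (not real files): two TIFF byte orders and a PNG renamed to .tif.
$samples = @{
    'little-endian TIFF' = [byte[]](0x49, 0x49, 0x2A, 0x00, 0x08, 0x00, 0x00, 0x00)
    'big-endian TIFF'    = [byte[]](0x4D, 0x4D, 0x00, 0x2A, 0x00, 0x00, 0x00, 0x08)
    'PNG named .tif'     = [byte[]](0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A)
}
foreach ($name in $samples.Keys) {
    Write-Output ("{0}: TIFF={1}" -f $name, (Test-TiffContent -Bytes $samples[$name]))
}

# Hypothetical use: list TIFF-by-content files in a quarantine or download folder.
# Get-ChildItem -LiteralPath 'C:\Quarantine' -File -Recurse |
#     Where-Object { Test-TiffFile -Path $_.FullName } |
#     Select-Object FullName
```

The two TIFF samples report True and the PNG reports False even though a name-based filter would have treated them by extension alone. A matching content check belongs in the mail gateway or proxy rule rather than on the endpoint, since the endpoint is what you are trying to keep the file away from.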

🔍 How to Verify

Check if Vulnerable:

Check if Foxit Studio Photo version is 3.6.6.922 via Help > About.

Check Version:

In Foxit Studio Photo, navigate to Help > About to view version.

Verify Fix Applied:

Confirm version is 3.6.6.923 or later after update.
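The three manual checks above (find the version, compare with 3.6.6.922, confirm 3.6.6.923 or later) can be run unattended. The script below is an added example, not Foxit's code, that reads the installed version from the Windows uninstall registry keys and classifies it against the versions the advisory gives. It assumes the installer registers a DisplayName containing "Foxit Studio Photo"; the page does not state the exact registry name.

```powershell
# Added example (not from the advisory): registry-based version check for CVE-2020-15629.
# Assumption: the uninstall entry's DisplayName contains "Foxit Studio Photo".
$VulnerableVersion = [version]'3.6.6.922'   # affected build per the advisory
$FixedVersion      = [version]'3.6.6.923'   # first fixed build per the advisory

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-FoxitStudioPhotoInstall {
    # Both 32- and 64-bit hives plus per-user installs; missing keys are ignored.
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*Foxit Studio Photo*' } |
        Select-Object DisplayName, DisplayVersion, InstallLocation
}

function Test-Cve202015629 {
    param([string]$DisplayVersion)
    $v = $null
    if (-not [version]::TryParse($DisplayVersion, [ref]$v)) {
        return 'unknown (version string did not parse)'
    }
    if ($v -ge $FixedVersion)      { return 'patched' }
    if ($v -eq $VulnerableVersion) { return 'VULNERABLE' }
    # Older than the build named in the advisory: not listed, but still below the fix.
    return 'below fixed version (not the advisory build); upgrade'
}

$installs = Get-FoxitStudioPhotoInstall
if (-not $installs) {
    Write-Output 'Foxit Studio Photo not found in the uninstall registry'
} else {
    foreach ($i in $installs) {
        $status = Test-Cve202015629 -DisplayVersion $i.DisplayVersion
        Write-Output ("{0} {1}: {2}" -f $i.DisplayName, $i.DisplayVersion, $status)
    }
}
```

Run it after the update as well: a result of "patched" on every host is the automated form of the "Verify Fix Applied" step. The uninstall registry reflects what the installer wrote, so a portable or manually copied binary would not show up here and still needs the Help > About check.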

📡 Detection & Monitoring

Log Indicators:

  • Windows Application log, Event ID 1000 (source "Application Error") with faulting application FoxitStudioPhoto.exe, typically with exception code 0xc0000005 (access violation). The faulting module is a binary (the application EXE or one of its DLLs); Event 1000 does not record the TIF file that was being opened.
  • Event ID 1001 (Windows Error Reporting) for the same process, and process-creation telemetry (e.g. Sysmon Event ID 1) showing FoxitStudioPhoto.exe started with a .tif path on its command line, which is how the file can be tied to the crash.

Network Indicators:

  • TIF downloads or mail attachments from untrusted senders or suspicious URLs, especially when followed shortly by a crash event on the receiving host.

SIEM Query:

EventID=1000 Source="Application Error" AND FaultingApplicationName="FoxitStudioPhoto.exe"

This is a pseudo-query; the field names follow the Event 1000 message text and need mapping to your SIEM's schema. Do not filter on FaultingModuleName containing ".tif": the module field names a loaded binary, never the opened file.
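For hosts without SIEM forwarding, the query can be run locally. This script is an added example, not from the advisory, that pulls Application Error (Event ID 1000) records for the process from the local Application log and exposes the fields a responder wants: faulting module, exception code and offset. It assumes the process name FoxitStudioPhoto.exe from the indicator above and relies on the standard EventData field order of Application Error 1000 events.

```powershell
# Added example (not from the advisory): local crash-event hunt for Foxit Studio Photo.
# Assumption: process name FoxitStudioPhoto.exe; EventData order of "Application Error" 1000.
function Get-FoxitCrashEvents {
    param(
        [string]$ProcessName = 'FoxitStudioPhoto.exe',
        [int]$Days = 30
    )
    $filter = @{
        LogName      = 'Application'
        ProviderName = 'Application Error'
        Id           = 1000
        StartTime    = (Get-Date).AddDays(-$Days)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match [regex]::Escape($ProcessName) } |
        ForEach-Object {
            # EventData for Application Error 1000:
            # [0] app name, [1] app version, [3] faulting module, [4] module version,
            # [6] exception code, [7] fault offset, [10] app path, [11] module path
            $d = $_.Properties | ForEach-Object { $_.Value }
            [pscustomobject]@{
                Time           = $_.TimeCreated
                Application    = $d[0]
                AppVersion     = $d[1]
                FaultingModule = $d[3]
                ExceptionCode  = $d[6]
                FaultOffset    = $d[7]
                ModulePath     = $d[11]
            }
        }
}

# Usage: crashes in the last 30 days, newest first.
Get-FoxitCrashEvents | Sort-Object Time -Descending | Format-Table -AutoSize
```

An AppVersion of 3.6.6.922 with exception code 0xc0000005 is the combination worth escalating; 0xc0000409 (fast-fail, e.g. a detected stack cookie overwrite) also points at memory corruption. Correlate the timestamp with Sysmon Event ID 1 or the mail gateway log to recover the file that was opened, because nothing in Event 1000 names it.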
