Login Sign Up

CVE-2020-8870

7.8 HIGH
Remote Code Execution

📋 TL;DR

This vulnerability in Foxit Studio Photo allows remote attackers to execute arbitrary code by tricking users into opening malicious TIF files. The flaw exists in the GetTIFPalette method where improper data validation enables out-of-bounds reads that can lead to code execution. Users of Foxit Studio Photo 3.6.6.916 are affected.

💻 Affected Systems

Products:
  • Foxit Studio Photo
Versions: 3.6.6.916
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of the affected version are vulnerable by default. User interaction required (opening malicious file).

📦 What is this software?

Foxit Studio Photo by Foxitsoftware

View all CVEs affecting Foxit Studio Photo →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise via remote code execution with user privileges, potentially leading to data theft, ransomware deployment, or lateral movement within the network.

🟠

Likely Case

Attacker gains code execution in the context of the current user, enabling data exfiltration, credential theft, and installation of additional malware.

🟢

If Mitigated

Limited impact with proper application sandboxing and user privilege restrictions, potentially only crashing the application.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction but is straightforward once malicious file is opened. ZDI advisory suggests reliable exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to version 3.6.6.917 or later

Vendor Advisory: https://www.foxitsoftware.com/support/security-bulletins.php

Restart Required: Yes

Instructions:

1. Open Foxit Studio Photo
2. Go to Help > Check for Updates
3. Follow prompts to install latest version
4. Restart application

🔧 Temporary Workarounds

Disable TIF file association

windows

Prevent Foxit Studio Photo from automatically opening TIF files

Control Panel > Default Programs > Associate a file type or protocol with a program > Change .tif/.tiff to another application

Application sandboxing

windows

Run Foxit Studio Photo in restricted environment

🧯 If You Can't Patch

  • Uninstall Foxit Studio Photo 3.6.6.916 completely
  • Implement strict email/web filtering to block TIF files
  • Educate users not to open TIF files from untrusted sources

🔍 How to Verify

Check if Vulnerable:

Check Help > About in Foxit Studio Photo for version 3.6.6.916

Check Version:

wmic product where name="Foxit Studio Photo" get version

Verify Fix Applied:

Verify version is 3.6.6.917 or higher in Help > About

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with TIF file processing
  • Unusual process creation from FoxitStudioPhoto.exe
  • Memory access violations in application logs

Network Indicators:

  • Downloads of TIF files from suspicious sources
  • Outbound connections from Foxit Studio Photo to unknown IPs

SIEM Query:

process_name="FoxitStudioPhoto.exe" AND (event_id=1000 OR event_id=1001) AND file_extension=".tif"

📊 Metadata

CVE ID: CVE-2020-8870
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-125
Published: August 20, 2020
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2020-8870, you might also want to check these:

CVE-2021-41556 10.0

CVE-2021-41556 is a critical out-of-bounds read vulnerability in Squirrel scripting language that al...

Same vulnerability type (CWE-125)
CVE-2024-22004 10.0

This vulnerability allows attackers with privileged access on Linux non-secure operating systems to ...

Same vulnerability type (CWE-125)
CVE-2021-21777 10.0

CVE-2021-21777 is a critical out-of-bounds read vulnerability in the Ethernet/IP UDP handler of OpEN...

Same vulnerability type (CWE-125)