Risk | High |
Patch available | YES |
Number of vulnerabilities | 10 |
CVE-ID | N/A |
CWE-ID | CWE-592 CWE-787 CWE-125 CWE-22 CWE-200 CWE-121 CWE-20 CWE-416 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | Foxit PDF Editor (formerly Foxit PhantomPDF) (Client/Desktop applications / Office applications); Foxit PDF Reader for Windows (Client/Desktop applications / Office applications) |
Vendor | Foxit Software Inc. |
Security Bulletin
This security bulletin contains information about 10 vulnerabilities.
EUVDB-ID: #VU68
Risk: High
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: N/A
CWE-ID:
CWE-592 - Authentication Bypass Issues
Exploit availability: No
Description: The vulnerability allows a remote attacker to disclose sensitive information on vulnerable installations of Foxit Reader.
The vulnerability exists within the ConvertToPDF plugin. A remote unauthenticated attacker can obtain sensitive information by tricking a victim into visiting a malicious page or opening a malicious file.
Successful exploitation of this vulnerability may result in sensitive information disclosure.
Remediation: Update your applications to the latest versions, which can be found at:
https://www.foxitsoftware.com/support/security-bulletins.php
Vulnerable software versions:
Foxit PDF Editor (formerly Foxit PhantomPDF): 7.3.4.311
Foxit PDF Reader for Windows: 7.3.4.311
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website or opening a file.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU69
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: N/A
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description: The vulnerability allows a remote attacker to execute arbitrary code on vulnerable installations of Foxit Reader.
The vulnerability exists within the ConvertToPDF plugin. A remote unauthenticated attacker can cause arbitrary code execution by tricking a victim into visiting a malicious page or opening a malicious file.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Remediation: Update your applications to the latest versions, which can be found at:
https://www.foxitsoftware.com/support/security-bulletins.php
Vulnerable software versions:
Foxit PDF Reader for Windows: 7.3.0.118
Foxit PDF Editor (formerly Foxit PhantomPDF): 7.3.0.118
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website or opening a file.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU70
Risk: High
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: N/A
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description: The vulnerability allows a remote attacker to leak sensitive information on vulnerable installations of Foxit Reader.
The vulnerability exists within JPEG parsing. A remote unauthenticated attacker can obtain sensitive information by sending a specially crafted JPEG image to the vulnerable server.
Successful exploitation of this vulnerability may result in sensitive information disclosure.
Remediation: Update your applications to the latest versions, which can be found at:
https://www.foxitsoftware.com/support/security-bulletins.php
Vulnerable software versions:
Foxit PDF Reader for Windows: 7.3.4.311
Foxit PDF Editor (formerly Foxit PhantomPDF): 7.3.4.311
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website or opening a file.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU71
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: N/A
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description: The vulnerability allows a remote attacker to execute arbitrary code on vulnerable installations of Foxit Reader.
The vulnerability exists within the ConvertToPDF plugin. A remote unauthenticated attacker can cause arbitrary code execution by tricking a victim into visiting a malicious page or opening a malicious file.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Remediation: Update your applications to the latest versions, which can be found at:
https://www.foxitsoftware.com/support/security-bulletins.php
Vulnerable software versions:
Foxit PDF Reader for Windows: 7.3.0.118
Foxit PDF Editor (formerly Foxit PhantomPDF): 7.3.0.118
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website or opening a file.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU72
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: N/A
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
Description: The vulnerability allows a remote attacker to execute arbitrary code on vulnerable installations of Foxit Reader.
The vulnerability exists because Foxit Reader does not properly check the path passed to exportData. A remote unauthenticated attacker can execute arbitrary code by tricking a victim into visiting a malicious page or opening a malicious file.
Successful exploitation of this vulnerability may result in arbitrary code execution on the target system.
Remediation: Update your applications to the latest versions, which can be found at:
https://www.foxitsoftware.com/support/security-bulletins.php
Vulnerable software versions:
Foxit PDF Reader for Windows: 7.3.0.118
Foxit PDF Editor (formerly Foxit PhantomPDF): 7.3.0.118
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website or opening a file.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU73
Risk: High
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: N/A
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
Description: The vulnerability allows a remote attacker to disclose sensitive information on vulnerable installations of Foxit Reader.
The vulnerability exists within the handling of SWF files inside PDF files. A remote unauthenticated attacker can obtain sensitive information by tricking a victim into visiting a malicious page or opening a malicious file.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Remediation: Update your applications to the latest versions, which can be found at:
https://www.foxitsoftware.com/support/security-bulletins.php
Vulnerable software versions:
Foxit PDF Reader for Windows: 7.3.4.311
Foxit PDF Editor (formerly Foxit PhantomPDF): 7.3.4.311
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website or opening a file.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU74
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: N/A
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
Description: The vulnerability allows a remote attacker to execute arbitrary code on vulnerable installations of Foxit Reader.
The vulnerability exists within FlateDecode. A remote unauthenticated attacker can cause a stack-based buffer overflow by sending a specially crafted PDF file to the vulnerable server.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Remediation: Update your applications to the latest versions, which can be found at:
https://www.foxitsoftware.com/support/security-bulletins.php
Vulnerable software versions:
Foxit PDF Reader for Windows: 7.3.0.118
Foxit PDF Editor (formerly Foxit PhantomPDF): 7.3.0.118
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website or opening a file.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU75
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: N/A
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote attacker to execute arbitrary code on vulnerable installations of Foxit Reader.
The vulnerability exists within the handling of PDF Patterns. A remote unauthenticated attacker can cause arbitrary code execution in the context of the current process by tricking a user into visiting a malicious page or opening a malicious file.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Remediation: Update your applications to the latest versions, which can be found at:
https://www.foxitsoftware.com/support/security-bulletins.php
Vulnerable software versions:
Foxit PDF Reader for Windows: 7.3.0.118
Foxit PDF Editor (formerly Foxit PhantomPDF): 7.3.0.118
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website or opening a file.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: N/A
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a remote attacker to execute arbitrary code on vulnerable installations of Foxit Reader.
The vulnerability exists within FlateDecode. A remote unauthenticated attacker can cause arbitrary code execution by sending a specially crafted PDF with a specific FlateDecode stream that forces a dangling pointer to be reused after it has been freed.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Remediation: Update your applications to the latest versions, which can be found at:
https://www.foxitsoftware.com/support/security-bulletins.php
Vulnerable software versions:
Foxit PDF Reader for Windows: 7.3.0.118
Foxit PDF Editor (formerly Foxit PhantomPDF): 7.3.0.118
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website or opening a file.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU77
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: N/A
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
Description: The vulnerability allows a remote attacker to execute arbitrary code on vulnerable installations of Foxit Reader.
The vulnerability exists within the handling of the GoToR action. A remote unauthenticated attacker can cause a stack-based buffer overflow by sending a PDF document with a specially crafted GoToR action to the vulnerable server.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Remediation: Update your applications to the latest versions, which can be found at:
https://www.foxitsoftware.com/support/security-bulletins.php
Vulnerable software versions:
Foxit PDF Reader for Windows: 7.3.0.118
Foxit PDF Editor (formerly Foxit PhantomPDF): 7.3.0.118
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website or opening a file.
Is there known malware which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.