Multiple vulnerabilities in Foxit Reader and Foxit PhantomPDF

Published: 2017-11-08 16:06:15
Severity: High
Patch available: YES
Number of vulnerabilities: 14
CVSSv2: 6.9 (AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
6.9 (AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
6.9 (AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
3.2 (AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
3.2 (AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
3.2 (AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
3.2 (AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
3.2 (AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
6.9 (AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
6.9 (AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
3.2 (AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
6.9 (AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
3.2 (AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
3.2 (AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
CVSSv3: 8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
3.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
3.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
3.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
3.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
3.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
3.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
3.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
3.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE ID: N/A
CWE ID: CWE-843
CWE-416
CWE-125
CWE-120
Exploitation vector: Network
Public exploit: Not available
Vulnerable software: Foxit Reader for Windows
Foxit PhantomPDF
Vulnerable software versions: Foxit Reader for Windows 8.3.2.25013
Foxit Reader for Windows 8.3.1
Foxit Reader for Windows 8.3.0.14878
Foxit PhantomPDF 8.3.2.25013
Foxit PhantomPDF 7.3.15.712
Foxit PhantomPDF 7.3.15
Vendor URL: Foxit Software Inc.
Advisory type: Public

Security Advisory

1) Type confusion

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a type confusion error. A remote attacker can execute certain XFA JavaScript functions in crafted PDF files, because the application may forcibly cast a non-CXFA_Node object to CXFA_Node without checking its data type and then use the mismatched CXFA_Node directly.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update to version 9.0.

External links

https://www.foxitsoftware.com/support/security-bulletins.php

2) Type confusion

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a type confusion error. A remote attacker can execute certain XFA FormCalc functions in crafted PDF files, because the application may forcibly cast a non-CXFA_Object object to CXFA_Object without checking its data type and then use the mismatched CXFA_Object directly.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update to version 9.0.

External links

https://www.foxitsoftware.com/support/security-bulletins.php

3) Use-after-free error

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error when handling Annot objects. A remote attacker can trick the victim into opening a specially crafted Annot object, trigger memory corruption and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update to version 9.0.

External links

https://www.foxitsoftware.com/support/security-bulletins.php

4) Out-of-bounds read

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists when the application is not running in Safe-Reading-Mode. A remote attacker can trick the victim into opening specially crafted input, abuse the _JP2_Codestream_Read_SOT function, trigger an out-of-bounds read and gain access to arbitrary data.

Successful exploitation of the vulnerability results in information disclosure.

Remediation

Update to version 9.0.

External links

https://www.foxitsoftware.com/support/security-bulletins.php

5) Out-of-bounds read

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists when the application is not running in Safe-Reading-Mode. A remote attacker can trick the victim into opening specially crafted input, abuse the lrt_jp2_decompress_write_stripe function, trigger an out-of-bounds read and gain access to arbitrary data.

Successful exploitation of the vulnerability results in information disclosure.

Remediation

Update to version 9.0.

External links

https://www.foxitsoftware.com/support/security-bulletins.php

6) Out-of-bounds read

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to an out-of-bounds read when rendering images. A remote attacker can trick the victim into opening a specially crafted image file, abuse the render.image function, trigger an out-of-bounds read and gain access to arbitrary data.

Successful exploitation of the vulnerability results in information disclosure.

Remediation

Update to version 9.0.

External links

https://www.foxitsoftware.com/support/security-bulletins.php

7) Out-of-bounds read

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists when the application is not running in Safe-Reading-Mode. A remote attacker can trick the victim into opening a specially crafted PDF file, abuse the GetBitmapWithoutColorKey function, trigger an out-of-bounds read and gain access to arbitrary data.

Successful exploitation of the vulnerability results in information disclosure.

Remediation

Update to version 9.0.

External links

https://www.foxitsoftware.com/support/security-bulletins.php

8) Out-of-bounds read

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to an uninitialized pointer when handling malicious input. A remote attacker can trick the victim into opening a specially crafted abnormal PDF file, abuse the JP2_Format_Decom function, trigger an out-of-bounds read and gain access to arbitrary data.

Successful exploitation of the vulnerability results in information disclosure.

Remediation

Update to version 9.0.

External links

https://www.foxitsoftware.com/support/security-bulletins.php

9) Use-after-free error

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to an inconsistency between XFA nodes and XML nodes after deletion during data binding. A remote attacker can trick the victim into opening specially crafted input, trigger a use-after-free error and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update to version 9.0.

External links

https://www.foxitsoftware.com/support/security-bulletins.php

10) Use-after-free error

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to the use of a document after it has been freed by closeDoc JavaScript. A remote attacker can trick the victim into opening specially crafted input, trigger a use-after-free error and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update to version 9.0.

External links

https://www.foxitsoftware.com/support/security-bulletins.php

11) Buffer overflow

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to an invalid length of size_file_name in CDRecord in the ZIP compression data. A remote attacker can trick the victim into opening a specially crafted EPUB file, trigger a buffer overflow and cause the application to crash.

Successful exploitation of the vulnerability results in denial of service.

Remediation

Update to version 9.0.

External links

https://www.foxitsoftware.com/support/security-bulletins.php
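
The length check that vulnerability 11 turns on, as an added example that is not Foxit's code and does not appear in the original advisory. It assumes the standard ZIP central directory file header layout (46 fixed bytes, file name length at offset 28) and treats that field as the advisory's size_file_name; the function names, error codes and sample record are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define CD_FIXED_LEN 46u          /* fixed part of a central directory header */
#define CD_SIGNATURE 0x02014b50u  /* bytes "PK\1\2" read as little-endian */
enum { CD_OK = 0, CD_TRUNCATED = -1, CD_BAD_SIG = -2,
       CD_LEN_OVERRUN = -3, CD_NAME_TOO_LONG = -4 };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)rd16(p) | ((uint32_t)rd16(p + 2) << 16);
}

/* Copy the file name of one central directory record into out (NUL-terminated).
 * The declared lengths are attacker-controlled, so both the source span and
 * the destination capacity are checked before any byte is copied. */
int cd_read_name(const uint8_t *rec, size_t rec_len, char *out, size_t out_cap) {
    if (rec_len < CD_FIXED_LEN) return CD_TRUNCATED;
    if (rd32(rec) != CD_SIGNATURE) return CD_BAD_SIG;
    size_t name_len = rd16(rec + 28), extra_len = rd16(rec + 30);
    size_t comment_len = rd16(rec + 32);
    /* Variable-length parts must fit in the bytes actually present. */
    if (name_len + extra_len + comment_len > rec_len - CD_FIXED_LEN)
        return CD_LEN_OVERRUN;
    if (name_len >= out_cap) return CD_NAME_TOO_LONG;
    memcpy(out, rec + CD_FIXED_LEN, name_len);
    out[name_len] = '\0';
    return CD_OK;
}

/* Build a constructed sample record whose declared name length may differ
 * from the number of name bytes actually stored. Returns the record size. */
size_t cd_make_sample(uint8_t *buf, size_t cap, uint16_t declared, const char *name) {
    size_t actual = strlen(name);
    if (cap < CD_FIXED_LEN + actual) return 0;
    memset(buf, 0, CD_FIXED_LEN);
    buf[0] = 'P'; buf[1] = 'K'; buf[2] = 1; buf[3] = 2;
    buf[28] = (uint8_t)(declared & 0xff);
    buf[29] = (uint8_t)(declared >> 8);
    memcpy(buf + CD_FIXED_LEN, name, actual);
    return CD_FIXED_LEN + actual;
}

int main(void) {
    uint8_t rec[128]; char name[16];
    size_t n = cd_make_sample(rec, sizeof rec, 0xFFFF, "mimetype");
    printf("oversized declared length -> %d\n", cd_read_name(rec, n, name, sizeof name));
    return 0;
}
```
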

12) Type confusion

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to the use of a discrepant data object during data binding. A remote attacker can trick the victim into opening specially crafted XFA files and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update to version 9.0.

External links

https://www.foxitsoftware.com/support/security-bulletins.php

13) Out-of-bounds read

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to incorrect resource loading when the gflags app is enabled. A remote attacker can trick the victim into opening specially crafted input, cause the file type filter to become disordered, trigger an out-of-bounds read and gain access to arbitrary data.

Successful exploitation of the vulnerability results in information disclosure.

Remediation

Update to version 9.0.

External links

https://www.foxitsoftware.com/support/security-bulletins.php

14) Out-of-bounds read

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to util.printf being called with an incorrect parameter. A remote attacker can trick the victim into opening specially crafted input, trigger an out-of-bounds read and gain access to arbitrary data.

Successful exploitation of the vulnerability results in information disclosure.

Remediation

Update to version 9.0.

External links

https://www.foxitsoftware.com/support/security-bulletins.php
