Multiple vulnerabilities in Foxit Reader and PhantomPDF



Published: 2018-04-20
Risk High
Patch available YES
Number of vulnerabilities 17
CVE-ID CVE-2017-17557
CVE-2017-14458
CVE-2018-3842
CVE-2018-3853
CVE-2018-3850
CVE-2018-3843
CWE-ID CWE-427
CWE-122
CWE-416
CWE-119
CWE-125
CWE-787
CWE-843
CWE-200
CWE-264
CWE-20
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Foxit PDF Reader for Windows
Client/Desktop applications / Office applications

Foxit PDF Editor (formerly Foxit PhantomPDF)
Client/Desktop applications / Office applications

Vendor Foxit Software Inc.

Security Bulletin

This security bulletin contains information about 17 vulnerabilities.

1) Insecure DLL loading

EUVDB-ID: #VU12026

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-427 - Uncontrolled Search Path Element

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to insecure .dll loading mechanism when opening files. A remote attacker can place a file along with specially crafted .dll file on a remote SBM or WebDAV share, trick the victim into opening it and execute arbitrary code on the target system with privileges of the current victim.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update to version 9.1.

Vulnerable software versions

Foxit PDF Reader for Windows: 8.0.0 - 9.0.1.1049

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.0.1.1049, 8.0 - 8.3.5, 7.3.11.1122 - 7.3.15.712


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

2) Heap-based buffer overflow

EUVDB-ID: #VU12035

Risk: High

CVSSv3.1:

CVE-ID: CVE-2017-17557

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to heap-based buffer overflow. A remote attacker can abuse certain function calls, trigger memory corruption and execute arbitrary code.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update to version 9.1.

Vulnerable software versions

Foxit PDF Reader for Windows: 8.0.0 - 9.0.1.1049

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.0.1.1049, 8.0 - 8.3.5, 7.3.11.1122 - 7.3.15.712


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

3) Use-after-free error

EUVDB-ID: #VU12041

Risk: High

CVSSv3.1:

CVE-ID: CVE-2017-14458

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to the use of freed object when executing JavaScript or invoking certain functions to get object properties. A remote attacker can trigger use-after-free error and execute arbitrary code.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update to version 9.1.

Vulnerable software versions

Foxit PDF Reader for Windows: 8.0.0 - 9.0.1.1049

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.0.1.1049, 8.0 - 8.3.5, 7.3.11.1122 - 7.3.15.712


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

4) Memory corruption

EUVDB-ID: #VU12043

Risk: High

CVSSv3.1:

CVE-ID: CVE-2018-3842

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error. A remote attacker can use of uninitialized new Uint32Array object or member variables in PrintParams or m_pCurContex objects, trigger memory corruption and execute arbitrary code.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update to version 9.1.

Vulnerable software versions

Foxit PDF Reader for Windows: 8.0.0 - 9.0.1.1049

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.0.1.1049, 8.0 - 8.3.5, 7.3.11.1122 - 7.3.15.712


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

5) Memory corruption

EUVDB-ID: #VU12044

Risk: Low

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to boundary error. A remote attacker can use of uninitialized new Uint32Array object or member variables in PrintParams or m_pCurContex objects, trigger memory corruption and gain access to arbitrary data.

Mitigation

Update to version 9.1.

Vulnerable software versions

Foxit PDF Reader for Windows: 8.0.0 - 9.0.1.1049

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.0.1.1049, 8.0 - 8.3.5, 7.3.11.1122 - 7.3.15.712


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

6) Out-of-bounds read

EUVDB-ID: #VU12045

Risk: Low

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information or cause DoS condition on the target system.

The weakness exists due to incorrect memory allocation, memory commit, memory access, or array access. A remote attacker can trigger out-of-bounds read and access arbitrary data or cause service to crash.

Mitigation

Update to version 9.1.

Vulnerable software versions

Foxit PDF Reader for Windows: 8.0.0 - 9.0.1.1049

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.0.1.1049, 8.0 - 8.3.5, 7.3.11.1122 - 7.3.15.712


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

7) Out-of-bounds write

EUVDB-ID: #VU12047

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to incorrect memory allocation, memory commit, memory access, or array access. A remote attacker can trigger out-of-bounds write and execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 9.1.

Vulnerable software versions

Foxit PDF Reader for Windows: 8.0.0 - 9.0.1.1049

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.0.1.1049, 8.0 - 8.3.5, 7.3.11.1122 - 7.3.15.712


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

8) Type confusion

EUVDB-ID: #VU12048

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists when executing certain XFA functions in crafted PDF files since the application could transform non-CXFA_Object to CXFA_Object without judging the data type and use the discrepant CXFA_Object to get layout object directly. A remote attacker can trick the victim into opening a specially crafted file, trigger type confusion error and execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 9.1.

Vulnerable software versions

Foxit PDF Reader for Windows: 8.0.0 - 9.0.1.1049

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.0.1.1049, 8.0 - 8.3.5, 7.3.11.1122 - 7.3.15.712


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

9) Use-after-free error

EUVDB-ID: #VU12051

Risk: High

CVSSv3.1:

CVE-ID: CVE-2018-3853

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error. A remote attacker can cause the application to continue to traverse pages after the document has been closed or free certain objects repeatedly, trigger memory corruption and execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 9.1.

Vulnerable software versions

Foxit PDF Reader for Windows: 8.0.0 - 9.0.1.1049

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.0.1.1049, 8.0 - 8.3.5, 7.3.11.1122 - 7.3.15.712


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

10) Use-after-free error

EUVDB-ID: #VU12052

Risk: Low

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to use-after-free error. A remote attacker can cause the application to continue to traverse pages after the document has been closed or free certain objects repeatedly, trigger memory corruption and access arbitrary data.

Mitigation

Update to version 9.1.

Vulnerable software versions

Foxit PDF Reader for Windows: 8.0.0 - 9.0.1.1049

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.0.1.1049, 8.0 - 8.3.5, 7.3.11.1122 - 7.3.15.712


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

11) Information disclosure

EUVDB-ID: #VU12054

Risk: Low

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to unspecified flaw. A remote attacker can abuse GoToE & GoToR Actions to open or run arbitrary executable applications and access arbitrary data.

Mitigation

Update to version 9.1.

Vulnerable software versions

Foxit PDF Reader for Windows: 8.0.0 - 9.0.1.1049

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.0.1.1049, 8.0 - 8.3.5, 7.3.11.1122 - 7.3.15.712


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

12) Remote code execution

EUVDB-ID: #VU12056

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to unspecified flaw. A remote attacker can abuse GoToE & GoToR Actions to open or run arbitrary executable applications and execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 9.1.

Vulnerable software versions

Foxit PDF Reader for Windows: 8.0.0 - 9.0.1.1049

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.0.1.1049, 8.0 - 8.3.5, 7.3.11.1122 - 7.3.15.712


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

13) Out-of-bounds read

EUVDB-ID: #VU12058

Risk: Low

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read when the application is not running in Safe-Reading-Mode. A remote attacker can abuse the _JP2_Codestream_Read_SOT function, trigger memory corruption and access arbitrary data.

Mitigation

Update to version 9.1.

Vulnerable software versions

Foxit PDF Reader for Windows: 8.0.0 - 9.0.1.1049

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.0.1.1049, 8.0 - 8.3.5, 7.3.11.1122 - 7.3.15.712


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

14) Use-after-free error

EUVDB-ID: #VU12060

Risk: High

CVSSv3.1:

CVE-ID: CVE-2018-3850

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to the use of object which has been closed or removed. A remote attacker can trigger use-after-free error and execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 9.1.

Vulnerable software versions

Foxit PDF Reader for Windows: 8.0.0 - 9.0.1.1049

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.0.1.1049, 8.0 - 8.3.5, 7.3.11.1122 - 7.3.15.712


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

15) Type confusion

EUVDB-ID: #VU12063

Risk: High

CVSSv3.1:

CVE-ID: CVE-2018-3843

CWE-ID: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information or execute arbitrary code on the target system.

The weakness exists due to deference of an object of invalid type. A remote attacker can trick the victim into opening a specially crafted file, trigger type confusion error when parsing files with associated file annotation and access arbitrary data or execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 9.1.

Vulnerable software versions

Foxit PDF Reader for Windows: 8.0.0 - 9.0.1.1049

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.0.1.1049, 8.0 - 8.3.5, 7.3.11.1122 - 7.3.15.712


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

16) Improper input validation

EUVDB-ID: #VU12064

Risk: Low

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to improper handling of a COM object. A remote attacker can trick the victim into opening a PDF file in a browser from Microsoft Word and cause the service to crash.

Mitigation

Update to version 9.1.

Vulnerable software versions

Foxit PDF Reader for Windows: 8.0.0 - 9.0.1.1049

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.0.1.1049, 8.0 - 8.3.5, 7.3.11.1122 - 7.3.15.712


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

17) Improper input validation

EUVDB-ID: #VU12066

Risk: Low

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to improper input validation. A remote attacker can embed executable files to PDF portfolio from within the application, bypass security restrictions and execute arbitrary application.

Mitigation

Update to version 9.1.

Vulnerable software versions

Foxit PDF Reader for Windows: 8.0.0 - 9.0.1.1049

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.0.1.1049, 8.0 - 8.3.5, 7.3.11.1122 - 7.3.15.712


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###