Multiple vulnerabilities in Foxit Reader and PhantomPDF
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 17 |
| CVE-ID | CVE-2017-17557 CVE-2017-14458 CVE-2018-3842 CVE-2018-3853 CVE-2018-3850 CVE-2018-3843 |
| CWE-ID | CWE-427 CWE-122 CWE-416 CWE-119 CWE-125 CWE-787 CWE-843 CWE-200 CWE-264 CWE-20 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Foxit PDF Reader for Windows Client/Desktop applications / Office applications Foxit PDF Editor (formerly Foxit PhantomPDF) Client/Desktop applications / Office applications |
| Vendor | Foxit Software Inc. |
Security Bulletin
This security bulletin contains information about 17 vulnerabilities.
1) Insecure DLL loading
EUVDB-ID: #VU12026
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-427 - Uncontrolled Search Path Element
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to insecure .dll loading mechanism when opening files. A remote attacker can place a file along with specially crafted .dll file on a remote SBM or WebDAV share, trick the victim into opening it and execute arbitrary code on the target system with privileges of the current victim.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate to version 9.1.
Vulnerable software versionsFoxit PDF Reader for Windows: 8.0.0 - 9.0.1.1049
Foxit PDF Editor (formerly Foxit PhantomPDF): 7.3.11.1122 - 9.0.1.1049
External linkshttp://www.foxitsoftware.com/support/security-bulletins.php
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Heap-based buffer overflow
EUVDB-ID: #VU12035
Risk: High
CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-17557
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to heap-based buffer overflow. A remote attacker can abuse certain function calls, trigger memory corruption and execute arbitrary code.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate to version 9.1.
Vulnerable software versionsFoxit PDF Reader for Windows: 8.0.0 - 9.0.1.1049
Foxit PDF Editor (formerly Foxit PhantomPDF): 7.3.11.1122 - 9.0.1.1049
External linkshttp://www.foxitsoftware.com/support/security-bulletins.php
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Use-after-free error
EUVDB-ID: #VU12041
Risk: High
CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-14458
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to the use of freed object when executing JavaScript or invoking certain functions to get object properties. A remote attacker can trigger use-after-free error and execute arbitrary code.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate to version 9.1.
Vulnerable software versionsFoxit PDF Reader for Windows: 8.0.0 - 9.0.1.1049
Foxit PDF Editor (formerly Foxit PhantomPDF): 7.3.11.1122 - 9.0.1.1049
External linkshttp://www.foxitsoftware.com/support/security-bulletins.php
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Memory corruption
EUVDB-ID: #VU12043
Risk: High
CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-3842
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error. A remote attacker can use of uninitialized new Uint32Array object or member variables in PrintParams or m_pCurContex objects, trigger memory corruption and execute arbitrary code.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate to version 9.1.
Vulnerable software versionsFoxit PDF Reader for Windows: 8.0.0 - 9.0.1.1049
Foxit PDF Editor (formerly Foxit PhantomPDF): 7.3.11.1122 - 9.0.1.1049
External linkshttp://www.foxitsoftware.com/support/security-bulletins.php
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Memory corruption
EUVDB-ID: #VU12044
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to boundary error. A remote attacker can use of uninitialized new Uint32Array object or member variables in PrintParams or m_pCurContex objects, trigger memory corruption and gain access to arbitrary data.
MitigationUpdate to version 9.1.
Vulnerable software versionsFoxit PDF Reader for Windows: 8.0.0 - 9.0.1.1049
Foxit PDF Editor (formerly Foxit PhantomPDF): 7.3.11.1122 - 9.0.1.1049
External linkshttp://www.foxitsoftware.com/support/security-bulletins.php
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Out-of-bounds read
EUVDB-ID: #VU12045
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information or cause DoS condition on the target system.
The weakness exists due to incorrect memory allocation, memory commit, memory access, or array access. A remote attacker can trigger out-of-bounds read and access arbitrary data or cause service to crash.
MitigationUpdate to version 9.1.
Vulnerable software versionsFoxit PDF Reader for Windows: 8.0.0 - 9.0.1.1049
Foxit PDF Editor (formerly Foxit PhantomPDF): 7.3.11.1122 - 9.0.1.1049
External linkshttp://www.foxitsoftware.com/support/security-bulletins.php
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Out-of-bounds write
EUVDB-ID: #VU12047
Risk: High
CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to incorrect memory allocation, memory commit, memory access, or array access. A remote attacker can trigger out-of-bounds write and execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
MitigationUpdate to version 9.1.
Vulnerable software versionsFoxit PDF Reader for Windows: 8.0.0 - 9.0.1.1049
Foxit PDF Editor (formerly Foxit PhantomPDF): 7.3.11.1122 - 9.0.1.1049
External linkshttp://www.foxitsoftware.com/support/security-bulletins.php
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Type confusion
EUVDB-ID: #VU12048
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists when executing certain XFA functions in crafted PDF files since the application could transform non-CXFA_Object to CXFA_Object without judging the data type and use the discrepant CXFA_Object to get layout object directly. A remote attacker can trick the victim into opening a specially crafted file, trigger type confusion error and execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
MitigationUpdate to version 9.1.
Vulnerable software versionsFoxit PDF Reader for Windows: 8.0.0 - 9.0.1.1049
Foxit PDF Editor (formerly Foxit PhantomPDF): 7.3.11.1122 - 9.0.1.1049
External linkshttp://www.foxitsoftware.com/support/security-bulletins.php
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Use-after-free error
EUVDB-ID: #VU12051
Risk: High
CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-3853
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error. A remote attacker can cause the application to continue to traverse pages after the document has been closed or free certain objects repeatedly, trigger memory corruption and execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
MitigationUpdate to version 9.1.
Vulnerable software versionsFoxit PDF Reader for Windows: 8.0.0 - 9.0.1.1049
Foxit PDF Editor (formerly Foxit PhantomPDF): 7.3.11.1122 - 9.0.1.1049
External linkshttp://www.foxitsoftware.com/support/security-bulletins.php
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Use-after-free error
EUVDB-ID: #VU12052
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to use-after-free error. A remote attacker can cause the application to continue to traverse pages after the document has been closed or free certain objects repeatedly, trigger memory corruption and access arbitrary data.
MitigationUpdate to version 9.1.
Vulnerable software versionsFoxit PDF Reader for Windows: 8.0.0 - 9.0.1.1049
Foxit PDF Editor (formerly Foxit PhantomPDF): 7.3.11.1122 - 9.0.1.1049
External linkshttp://www.foxitsoftware.com/support/security-bulletins.php
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Information disclosure
EUVDB-ID: #VU12054
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to unspecified flaw. A remote attacker can abuse GoToE & GoToR Actions to open or run arbitrary executable applications and access arbitrary data.
MitigationUpdate to version 9.1.
Vulnerable software versionsFoxit PDF Reader for Windows: 8.0.0 - 9.0.1.1049
Foxit PDF Editor (formerly Foxit PhantomPDF): 7.3.11.1122 - 9.0.1.1049
External linkshttp://www.foxitsoftware.com/support/security-bulletins.php
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Remote code execution
EUVDB-ID: #VU12056
Risk: High
CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to unspecified flaw. A remote attacker can abuse GoToE & GoToR Actions to open or run arbitrary executable applications and execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
MitigationUpdate to version 9.1.
Vulnerable software versionsFoxit PDF Reader for Windows: 8.0.0 - 9.0.1.1049
Foxit PDF Editor (formerly Foxit PhantomPDF): 7.3.11.1122 - 9.0.1.1049
External linkshttp://www.foxitsoftware.com/support/security-bulletins.php
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Out-of-bounds read
EUVDB-ID: #VU12058
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to out-of-bounds read when the application is not running in Safe-Reading-Mode. A remote attacker can abuse the _JP2_Codestream_Read_SOT function, trigger memory corruption and access arbitrary data.
MitigationUpdate to version 9.1.
Vulnerable software versionsFoxit PDF Reader for Windows: 8.0.0 - 9.0.1.1049
Foxit PDF Editor (formerly Foxit PhantomPDF): 7.3.11.1122 - 9.0.1.1049
External linkshttp://www.foxitsoftware.com/support/security-bulletins.php
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Use-after-free error
EUVDB-ID: #VU12060
Risk: High
CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-3850
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to the use of object which has been closed or removed. A remote attacker can trigger use-after-free error and execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
MitigationUpdate to version 9.1.
Vulnerable software versionsFoxit PDF Reader for Windows: 8.0.0 - 9.0.1.1049
Foxit PDF Editor (formerly Foxit PhantomPDF): 7.3.11.1122 - 9.0.1.1049
External linkshttp://www.foxitsoftware.com/support/security-bulletins.php
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Type confusion
EUVDB-ID: #VU12063
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-3843
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information or execute arbitrary code on the target system.
The weakness exists due to deference of an object of invalid type. A remote attacker can trick the victim into opening a specially crafted file, trigger type confusion error when parsing files with associated file annotation and access arbitrary data or execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
MitigationUpdate to version 9.1.
Vulnerable software versionsFoxit PDF Reader for Windows: 8.0.0 - 9.0.1.1049
Foxit PDF Editor (formerly Foxit PhantomPDF): 7.3.11.1122 - 9.0.1.1049
External linkshttp://www.foxitsoftware.com/support/security-bulletins.php
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Improper input validation
EUVDB-ID: #VU12064
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to improper handling of a COM object. A remote attacker can trick the victim into opening a PDF file in a browser from Microsoft Word and cause the service to crash.
MitigationUpdate to version 9.1.
Vulnerable software versionsFoxit PDF Reader for Windows: 8.0.0 - 9.0.1.1049
Foxit PDF Editor (formerly Foxit PhantomPDF): 7.3.11.1122 - 9.0.1.1049
External linkshttp://www.foxitsoftware.com/support/security-bulletins.php
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Improper input validation
EUVDB-ID: #VU12066
Risk: Low
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to improper input validation. A remote attacker can embed executable files to PDF portfolio from within the application, bypass security restrictions and execute arbitrary application.
MitigationUpdate to version 9.1.
Vulnerable software versionsFoxit PDF Reader for Windows: 8.0.0 - 9.0.1.1049
Foxit PDF Editor (formerly Foxit PhantomPDF): 7.3.11.1122 - 9.0.1.1049
External linkshttp://www.foxitsoftware.com/support/security-bulletins.php
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
