Multiple vulnerabilities in Foxit Reader and PhantomPDF



Published: 2018-05-22
Risk High
Patch available YES
Number of vulnerabilities 16
CVE-ID CVE-2018-10302
CVE-2018-10303
CVE-2018-5675
CVE-2018-7407
CVE-2018-7406
CWE-ID CWE-416
CWE-427
CWE-824
CWE-787
CWE-843
CWE-200
CWE-125
CWE-19
CWE-284
CWE-385
CWE-129
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Foxit PDF Editor (formerly Foxit PhantomPDF)
Client/Desktop applications / Office applications

Foxit PDF Reader for Windows
Client/Desktop applications / Office applications

Vendor Foxit Software Inc.

Security Bulletin

This security bulletin contains information about 16 vulnerabilities.

1) Use-after-free error

EUVDB-ID: #VU12807

Risk: High

CVSSv3.1:

CVE-ID: CVE-2018-10302

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error. A remote attacker can trick the victim into opening specially crafted input, trigger memory corruption and execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 8.3.6.

Vulnerable software versions

Foxit PDF Editor (formerly Foxit PhantomPDF): 8.3 - 8.3.5.30351


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

2) Use-after-free error

EUVDB-ID: #VU12808

Risk: High

CVSSv3.1:

CVE-ID: CVE-2018-10303

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error. A remote attacker can trick the victim into opening specially crafted input, trigger memory corruption and execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 8.3.6.

Vulnerable software versions

Foxit PDF Editor (formerly Foxit PhantomPDF): 8.3 - 8.3.5.30351


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

3) Insecure DLL loading

EUVDB-ID: #VU12821

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-427 - Uncontrolled Search Path Element

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to the application passes an insufficiently qualified path in loading an external library when a user launches the application. A remote attacker can place a malicious DLL in the specified path directory and execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 8.3.6.

Vulnerable software versions

Foxit PDF Editor (formerly Foxit PhantomPDF): 8.3.5 - 8.3.5.30351


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

4) Access of uninitialized pointer

EUVDB-ID: #VU12822

Risk: Low

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-824 - Access of Uninitialized Pointer

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to the use of uninitialized new Uint32Array object or member variables in PrintParams or m_pCurContex objects. A remote attacker can gain access to potentially sensitive information.

Mitigation

Update to version 8.3.6.

Vulnerable software versions

Foxit PDF Editor (formerly Foxit PhantomPDF): 8.3.5 - 8.3.5.30351


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

5) Out-of-bounds write

EUVDB-ID: #VU12823

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information or execute arbitrary code on the target system.

The weakness exists due to incorrect memory allocation, memory commit, memory access or array access. A remote attacker can gain access to potentially sensitive information or execute arbitrary code on the target system.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 8.3.6.

Vulnerable software versions

Foxit PDF Editor (formerly Foxit PhantomPDF): 8.3.5 - 8.3.5.30351


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

6) Type confusion

EUVDB-ID: #VU12824

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.

The weakness exists due to type confusion when executing certain XFA functions in crafted PDF files since the application can transform non-CXFA_Object to CXFA_Object without judging the data type and use the discrepant CXFA_Object to get layout object directly. A remote attacker can cause the service to crash or execute arbitrary code on the target system.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 8.3.6.

Vulnerable software versions

Foxit PDF Editor (formerly Foxit PhantomPDF): 8.3.5 - 8.3.5.30351


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

7) Use-after-free error

EUVDB-ID: #VU12825

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information, cause DoS condition or execute arbitrary code on the target system.

The weakness exists due to use-after free error since the application can continue to traverse pages after the document has been closed or free certain objects repeatedly. A remote attacker can gain access to potentially sensitive information, cause the service to crash or execute arbitrary code on the target system.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 8.3.6.

Vulnerable software versions

Foxit PDF Editor (formerly Foxit PhantomPDF): 8.3.5 - 8.3.5.30351


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

8) Information disclosure

EUVDB-ID: #VU12826

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information or execute arbitrary code on the target system.

The weakness exists due to improper information control. A remote attacker can abuse GoToE & GoToR Actions, gain access to potentially sensitive information or execute arbitrary code on the target system.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 8.3.6.

Vulnerable software versions

Foxit PDF Editor (formerly Foxit PhantomPDF): 8.3.5 - 8.3.5.30351


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

9) Out-of-bounds read

EUVDB-ID: #VU12827

Risk: Low

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists the _JP2_Codestream_Read_SOT function due to improper information control when the application is not running in Safe-Reading-Mode. A remote attacker can gain access to potentially sensitive information.

Mitigation

Update to version 8.3.6.

Vulnerable software versions

Foxit PDF Editor (formerly Foxit PhantomPDF): 8.3.5 - 8.3.5.30351


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

10) Data handling

EUVDB-ID: #VU12828

Risk: Low

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-19 - Data Handling

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to improper COM object handling when opening a PDF in a browser from Microsoft Word. A remote attacker can cause the service to crash.

Mitigation

Update to version 8.3.6.

Vulnerable software versions

Foxit PDF Editor (formerly Foxit PhantomPDF): 8.3.5 - 8.3.5.30351


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

11) Improper access control

EUVDB-ID: #VU12829

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to users can embed executable files to PDF portfolio from within the application. A remote attacker can execute arbitrary code on the target system.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 8.3.6.

Vulnerable software versions

Foxit PDF Editor (formerly Foxit PhantomPDF): 8.3.5 - 8.3.5.30351


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

12) Timing attack

EUVDB-ID: #VU12830

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-5675

CWE-ID: CWE-385 - Covert Timing Channel

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists in the OpenSSL RSA Key generation algorithm due to a cache timing side channel attack. A remote attacker with sufficient access to mount cache timing attacks during the RSA key generation process can recover the private key.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0.1.1049

Foxit PDF Reader for Windows: 9.0.1.1049


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

13) Use-after-free error

EUVDB-ID: #VU12831

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error. A remote attacker can execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0.1.1049

Foxit PDF Reader for Windows: 9.0.1.1049


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

14) Access of uninitialized pointer

EUVDB-ID: #VU12832

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-824 - Access of Uninitialized Pointer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to access of uninitialized pointer. A remote attacker can execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0.1.1049

Foxit PDF Reader for Windows: 9.0.1.1049


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

15) Type confusion

EUVDB-ID: #VU12833

Risk: High

CVSSv3.1:

CVE-ID: CVE-2018-7407

CWE-ID: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to type confusion. A remote attacker can execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0.1.1049

Foxit PDF Reader for Windows: 9.0.1.1049


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

16) Improper validation of array index

EUVDB-ID: #VU12834

Risk: High

CVSSv3.1:

CVE-ID: CVE-2018-7406

CWE-ID: CWE-129 - Improper Validation of Array Index

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to parsing validation indexing. A remote attacker can execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0.1.1049

Foxit PDF Reader for Windows: 9.0.1.1049


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###