Multiple vulnerabilities in Foxit Reader and PhantomPDF



Published: 2018-05-22
Risk: High
Patch available: YES
Number of vulnerabilities: 16
CVE-ID: CVE-2018-10302, CVE-2018-10303, CVE-2018-5675, CVE-2018-7407, CVE-2018-7406
CWE-ID: CWE-416, CWE-427, CWE-824, CWE-787, CWE-843, CWE-200, CWE-125, CWE-19, CWE-284, CWE-385, CWE-129
Exploitation vector: Network
Public exploit: N/A
Vulnerable software:
Foxit PDF Editor (formerly Foxit PhantomPDF): Client/Desktop applications / Office applications
Foxit PDF Reader for Windows: Client/Desktop applications / Office applications

Vendor: Foxit Software Inc.

Security Bulletin

This security bulletin contains information about 16 vulnerabilities.

1) Use-after-free error

EUVDB-ID: #VU12807

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-10302

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error. A remote attacker can trick the victim into opening specially crafted input, trigger memory corruption and execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 8.3.6.

Vulnerable software versions

Foxit PDF Editor (formerly Foxit PhantomPDF): 8.3 - 8.3.5.30351

External links

http://www.foxitsoftware.com/support/security-bulletins.php


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Use-after-free error

EUVDB-ID: #VU12808

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-10303

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error. A remote attacker can trick the victim into opening specially crafted input, trigger memory corruption and execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 8.3.6.

Vulnerable software versions

Foxit PDF Editor (formerly Foxit PhantomPDF): 8.3 - 8.3.5.30351

External links

http://www.foxitsoftware.com/support/security-bulletins.php


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Insecure DLL loading

EUVDB-ID: #VU12821

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-427 - Uncontrolled Search Path Element

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists because the application passes an insufficiently qualified path when loading an external library as the user launches the application. A remote attacker can place a malicious DLL in the specified path directory and execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 8.3.6.

Vulnerable software versions

Foxit PDF Editor (formerly Foxit PhantomPDF): 8.3.5 - 8.3.5.30351

External links

http://www.foxitsoftware.com/support/security-bulletins.php


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Access of uninitialized pointer

EUVDB-ID: #VU12822

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-824 - Access of Uninitialized Pointer

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to the use of an uninitialized new Uint32Array object or uninitialized member variables in PrintParams or m_pCurContex objects. A remote attacker can gain access to potentially sensitive information.

Mitigation

Update to version 8.3.6.

Vulnerable software versions

Foxit PDF Editor (formerly Foxit PhantomPDF): 8.3.5 - 8.3.5.30351

External links

http://www.foxitsoftware.com/support/security-bulletins.php


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Out-of-bounds write

EUVDB-ID: #VU12823

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information or execute arbitrary code on the target system.

The weakness exists due to incorrect memory allocation, memory commit, memory access or array access. A remote attacker can gain access to potentially sensitive information or execute arbitrary code on the target system.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 8.3.6.

Vulnerable software versions

Foxit PDF Editor (formerly Foxit PhantomPDF): 8.3.5 - 8.3.5.30351

External links

http://www.foxitsoftware.com/support/security-bulletins.php


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Type confusion

EUVDB-ID: #VU12824

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition or execute arbitrary code on the target system.

The weakness exists due to type confusion when executing certain XFA functions in crafted PDF files: the application can transform a non-CXFA_Object into a CXFA_Object without checking the data type and then use the mismatched CXFA_Object to get the layout object directly. A remote attacker can cause the service to crash or execute arbitrary code on the target system.

Successful exploitation of the vulnerability may result in system compromise.
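
The unchecked conversion described for this entry, shown next to a checked one. This is an added example, not Foxit's code: `Value`, `NumberValue`, `XfaObject` (standing in for CXFA_Object), `LayoutItem` and every function name are hypothetical, simplified stand-ins.

```cpp
#include <cstdint>
#include <cstdio>

// Hypothetical, simplified model of values a script engine passes to native code.
enum class Kind : std::uint8_t { Number, XfaObject };

struct Value {
    explicit Value(Kind k) : kind(k) {}
    virtual ~Value() = default;
    const Kind kind;               // runtime type tag set once by the constructor
};

struct NumberValue : Value {
    explicit NumberValue(double v) : Value(Kind::Number), number(v) {}
    double number;                 // attacker-influenced bits in a real document
};

struct LayoutItem { int page_index; };

struct XfaObject : Value {         // plays the role of CXFA_Object (assumption)
    explicit XfaObject(LayoutItem* l) : Value(Kind::XfaObject), layout(l) {}
    LayoutItem* layout;
};

// Pattern from the description: the argument is converted without checking its
// type. If arg is really a NumberValue, the bytes of `number` are read as the
// `layout` pointer, which is undefined behaviour and the root of the bug class.
LayoutItem* layout_unchecked(Value* arg) {
    return static_cast<XfaObject*>(arg)->layout;
}

// Hardened form: verify the runtime tag before the downcast and fail closed.
LayoutItem* layout_checked(Value* arg) {
    if (arg == nullptr || arg->kind != Kind::XfaObject) {
        return nullptr;            // wrong type: refuse instead of reinterpreting
    }
    return static_cast<XfaObject*>(arg)->layout;
}

// Caller that treats a rejected argument as an error value (-1).
int page_of(Value* arg) {
    LayoutItem* item = layout_checked(arg);
    return item != nullptr ? item->page_index : -1;
}

int main() {
    LayoutItem item{3};            // constructed sample objects
    XfaObject form(&item);
    NumberValue number(1.5);
    std::printf("XFA object -> page %d\n", page_of(&form));
    std::printf("number     -> page %d (rejected)\n", page_of(&number));
    return 0;
}
```

`dynamic_cast<XfaObject*>(arg)` gives the same fail-closed behaviour where RTTI is enabled; the explicit tag is used here so the check is visible.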

Mitigation

Update to version 8.3.6.

Vulnerable software versions

Foxit PDF Editor (formerly Foxit PhantomPDF): 8.3.5 - 8.3.5.30351

External links

http://www.foxitsoftware.com/support/security-bulletins.php


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Use-after-free error

EUVDB-ID: #VU12825

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information, cause a DoS condition or execute arbitrary code on the target system.

The weakness exists due to a use-after-free error: the application can continue to traverse pages after the document has been closed, or free certain objects repeatedly. A remote attacker can gain access to potentially sensitive information, cause the service to crash or execute arbitrary code on the target system.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 8.3.6.

Vulnerable software versions

Foxit PDF Editor (formerly Foxit PhantomPDF): 8.3.5 - 8.3.5.30351

External links

http://www.foxitsoftware.com/support/security-bulletins.php


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Information disclosure

EUVDB-ID: #VU12826

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information or execute arbitrary code on the target system.

The weakness exists due to improper information control. A remote attacker can abuse GoToE & GoToR Actions, gain access to potentially sensitive information or execute arbitrary code on the target system.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 8.3.6.

Vulnerable software versions

Foxit PDF Editor (formerly Foxit PhantomPDF): 8.3.5 - 8.3.5.30351

External links

http://www.foxitsoftware.com/support/security-bulletins.php


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Out-of-bounds read

EUVDB-ID: #VU12827

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists in the _JP2_Codestream_Read_SOT function due to improper information control when the application is not running in Safe-Reading-Mode. A remote attacker can gain access to potentially sensitive information.

Mitigation

Update to version 8.3.6.

Vulnerable software versions

Foxit PDF Editor (formerly Foxit PhantomPDF): 8.3.5 - 8.3.5.30351

External links

http://www.foxitsoftware.com/support/security-bulletins.php


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Data handling

EUVDB-ID: #VU12828

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-19 - Data Handling

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to improper COM object handling when opening a PDF in a browser from Microsoft Word. A remote attacker can cause the service to crash.

Mitigation

Update to version 8.3.6.

Vulnerable software versions

Foxit PDF Editor (formerly Foxit PhantomPDF): 8.3.5 - 8.3.5.30351

External links

http://www.foxitsoftware.com/support/security-bulletins.php


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Improper access control

EUVDB-ID: #VU12829

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists because users can embed executable files in a PDF portfolio from within the application. A remote attacker can execute arbitrary code on the target system.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 8.3.6.

Vulnerable software versions

Foxit PDF Editor (formerly Foxit PhantomPDF): 8.3.5 - 8.3.5.30351

External links

http://www.foxitsoftware.com/support/security-bulletins.php


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Timing attack

EUVDB-ID: #VU12830

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-5675

CWE-ID: CWE-385 - Covert Timing Channel

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists in the OpenSSL RSA Key generation algorithm due to a cache timing side channel attack. A remote attacker with sufficient access to mount cache timing attacks during the RSA key generation process can recover the private key.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0.1.1049

Foxit PDF Reader for Windows: 9.0.1.1049

External links

http://www.foxitsoftware.com/support/security-bulletins.php


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Use-after-free error

EUVDB-ID: #VU12831

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error. A remote attacker can execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0.1.1049

Foxit PDF Reader for Windows: 9.0.1.1049

External links

http://www.foxitsoftware.com/support/security-bulletins.php


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Access of uninitialized pointer

EUVDB-ID: #VU12832

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-824 - Access of Uninitialized Pointer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to access of an uninitialized pointer. A remote attacker can execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0.1.1049

Foxit PDF Reader for Windows: 9.0.1.1049

External links

http://www.foxitsoftware.com/support/security-bulletins.php


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Type confusion

EUVDB-ID: #VU12833

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-7407

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to type confusion. A remote attacker can execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0.1.1049

Foxit PDF Reader for Windows: 9.0.1.1049

External links

http://www.foxitsoftware.com/support/security-bulletins.php


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Improper validation of array index

EUVDB-ID: #VU12834

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-7406

CWE-ID: CWE-129 - Improper Validation of Array Index

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to improper validation of an array index during parsing. A remote attacker can execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0.1.1049

Foxit PDF Reader for Windows: 9.0.1.1049

External links

http://www.foxitsoftware.com/support/security-bulletins.php


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into visiting a specially crafted website or opening a file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


