Multiple vulnerabilities in Foxit Reader and Foxit PhantomPDF



Published: 2018-07-23 | Updated: 2018-07-30
Risk High
Patch available YES
Number of vulnerabilities 14
CVE-ID CVE-2018-3924
CVE-2018-3939
CVE-2018-14442
CWE-ID CWE-416
CWE-787
CWE-125
CWE-843
CWE-20
CWE-200
CWE-122
CWE-190
CWE-120
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Foxit PDF Reader for Windows
Client/Desktop applications / Office applications

Foxit PDF Editor (formerly Foxit PhantomPDF)
Client/Desktop applications / Office applications

Vendor Foxit Software Inc.

Security Bulletin

This security bulletin contains information about 14 vulnerabilities.

1) Use-after-free error

EUVDB-ID: #VU13956

Risk: High

CVSSv3.1:

CVE-ID: CVE-2018-3924

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted PDF file, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 9.2.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.1.0.5096

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.1.0.5096


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

2) Use-after-free error

EUVDB-ID: #VU13957

Risk: High

CVSSv3.1:

CVE-ID: CVE-2018-3939

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted PDF file, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 9.2.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.1.0.5096

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.1.0.5096


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

3) Out-of-bounds memory access

EUVDB-ID: #VU13958

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information or execute arbitrary code on the target system.

The weakness exists when parsing or converting JPG files due to access violation on pointer. A remote attacker can trick the victim into opening a specially crafted JPG file, trigger out-of-bounds read/write and gain access to arbitrary data or execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 9.2.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.1.0.5096

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.1.0.5096


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

4) Type confusion

EUVDB-ID: #VU13959

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to type confusion when calling addAdLayer function since the certain object in the function is replaced. A remote attacker can trick the victim into opening a specially crafted PDF file and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 9.2.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.1.0.5096

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.1.0.5096


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

5) Arbitrary file write

EUVDB-ID: #VU13960

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Exploit availability: No

Description

The vulnerability allows a remote attacker to write arbitrary file on the target system.

The weakness exists due to insufficient validation of the file type to be exported. A remote attacker can write arbitrary file when executing exportAsFDF or exportData JavaScript and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 9.2.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.1.0.5096

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.1.0.5096


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

6) Type confusion

EUVDB-ID: #VU13961

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to type confusion when executing certain JavaScript functions since the application could transform non-XFA-node to XFA-node and use the discrepant XFA-node directly. A remote attacker can trick the victim into opening a specially crafted PDF file and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 9.2.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.1.0.5096

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.1.0.5096


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

7) Improper input validation

EUVDB-ID: #VU13962

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to the array object is transformed and used as dictionary object in the cases where inline image dictionary contains invalid dictionary end symbol and array start symbol. A remote attacker can trick the victim into opening a specially crafted PDF file, release inline image, add new array object and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 9.2.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.1.0.5096

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.1.0.5096


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

8) Information disclosure

EUVDB-ID: #VU13963

Risk: Low

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to the application can expose credentials when executing GoToE & GoToR action. A remote attacker can obtain valid user's credentials.

Mitigation

Update to version 9.2.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.1.0.5096

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.1.0.5096


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

9) Heap-based buffer overflow

EUVDB-ID: #VU13964

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to heap-based buffer overflow when handling malicious input. A remote attacker can trick the victim into opening a specially crafted PDF file, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 9.2.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.1.0.5096

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.1.0.5096


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

10) Integer overflow

EUVDB-ID: #VU13965

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-190 - Integer Overflow or Wraparound

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to heap-based buffer overflow when handling malicious input. A remote attacker can trick the victim into opening a specially crafted PDF file, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 9.2.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.1.0.5096

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.1.0.5096


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

11) Type confusion

EUVDB-ID: #VU13966

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to type confusion when the application parses “ColorSpace” within a PDF. A remote attacker can trick the victim into opening a specially crafted PDF file, replace the ICCBased color space with Pattern color space and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 9.2.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.1.0.5096

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.1.0.5096


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

12) Out-of-bounds read

EUVDB-ID: #VU13967

Risk: Low

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information or cause DoS condition on the target system.

The weakness exists due to improper handling of process when executing GetAssociatedPageIndex function. A remote attacker can obtain trigger out-of-bounds read, gain access to arbitrary data and cause the service to crash.

Mitigation

Update to version 9.2.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.1.0.5096

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.1.0.5096


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

13) Buffer overflow

EUVDB-ID: #VU13968

Risk: Low

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to buffer overflow when executing var test = new ArrayBuffer(0xfffffffe) JavaScript. A remote attacker can trick the victim into opening a specially crafted PDF file, trigger memory corruption and cause the application to crash.

Mitigation

Update to version 9.2.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.1.0.5096

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.1.0.5096


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

14) Use-after-free error

EUVDB-ID: #VU14117

Risk: High

CVSSv3.1:

CVE-ID: CVE-2018-14442

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error when handling malicious input. A remote attacker can trick the victim into opening a specially crafted PDF file, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 9.2.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.1.0.5096

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.1.0.5096


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###