Multiple vulnerabilities in Foxit PhantomPDF and Reader



Published: 2018-09-30
Risk High
Patch available YES
Number of vulnerabilities 123
CVE-ID CVE-2018-17781
CVE-2018-3992
CVE-2018-16292
CVE-2018-16294
CVE-2018-16297
CVE-2018-16296
CVE-2018-16295
CVE-2018-16293
CVE-2018-16291
CVE-2018-3997
CVE-2018-3996
CVE-2018-3995
CVE-2018-3994
CVE-2018-3993
CVE-2018-3967
CVE-2018-3966
CVE-2018-3965
CVE-2018-3964
CVE-2018-3961
CVE-2018-3960
CVE-2018-3959
CVE-2018-3958
CVE-2018-3962
CVE-2018-3957
CVE-2018-3946
CVE-2018-3945
CVE-2018-3944
CVE-2018-3943
CVE-2018-3942
CVE-2018-3941
CVE-2018-3940
CVE-2018-17622
CVE-2018-17624
CVE-2018-17623
CVE-2018-17621
CVE-2018-17620
CVE-2018-17619
CVE-2018-17618
CVE-2018-17617
CVE-2018-17616
CVE-2018-17615
CVE-2018-17607
CVE-2018-17611
CVE-2018-17610
CVE-2018-17609
CVE-2018-17608
CWE-ID CWE-843
CWE-125
CWE-200
CWE-119
CWE-416
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Foxit PDF Reader for Windows
Client/Desktop applications / Office applications

Foxit PDF Editor (formerly Foxit PhantomPDF)
Client/Desktop applications / Office applications

Vendor Foxit Software Inc.

Security Bulletin

This security bulletin contains information about 123 vulnerabilities.

1) Type confusion

EUVDB-ID: #VU15050

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a type confusion error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-6819)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

2) Out-of-bounds read

EUVDB-ID: #VU15049

Risk: Low

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to a boundary error when parsing digital signatures within PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and gain access to sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-7073)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

3) Out-of-bounds read

EUVDB-ID: #VU15048

Risk: Low

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to a boundary error when parsing certain BMP images within PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and gain access to sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-6844)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

4) Out-of-bounds read

EUVDB-ID: #VU15047

Risk: Low

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to a boundary error when processing Lower () method of a XFA object due to the abnormal data access resulting from the different definition of object character length in WideString and ByteString. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and gain access to sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-6617)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

5) Information disclosure

EUVDB-ID: #VU15046

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-17781

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to uninitialized object disclosure error when creating ArrayBuffer and DataView objects within PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it and gain access to sensitive information.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

6) Memory corruption

EUVDB-ID: #VU15045

Risk: High

CVSSv3.1:

CVE-ID: CVE-2018-3992

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing pageIndex object within PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

7) Memory corruption

EUVDB-ID: #VU15044

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-7145)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

8) Memory corruption

EUVDB-ID: #VU15043

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-7070)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

9) Memory corruption

EUVDB-ID: #VU15042

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-7069)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

10) Memory corruption

EUVDB-ID: #VU15041

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-7068)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

11) Memory corruption

EUVDB-ID: #VU15040

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-6890)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

12) Memory corruption

EUVDB-ID: #VU15039

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-6700)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

13) Memory corruption

EUVDB-ID: #VU15038

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-6500)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

14) Memory corruption

EUVDB-ID: #VU15037

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-6616)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

15) Memory corruption

EUVDB-ID: #VU15036

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-6614)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

16) Memory corruption

EUVDB-ID: #VU15035

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-6458)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

17) Memory corruption

EUVDB-ID: #VU15034

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-6438)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

18) Memory corruption

EUVDB-ID: #VU15033

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-7255)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

19) Memory corruption

EUVDB-ID: #VU15032

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-7254)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

20) Memory corruption

EUVDB-ID: #VU15031

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-7252)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

21) Memory corruption

EUVDB-ID: #VU15030

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-7253)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

22) Memory corruption

EUVDB-ID: #VU15029

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-7067)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

23) Memory corruption

EUVDB-ID: #VU15028

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-7170)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

24) Memory corruption

EUVDB-ID: #VU15027

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-7169)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

25) Memory corruption

EUVDB-ID: #VU15026

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-7138)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

26) Memory corruption

EUVDB-ID: #VU15025

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-7103)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

27) Memory corruption

EUVDB-ID: #VU15024

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-6470)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

28) Memory corruption

EUVDB-ID: #VU15023

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-7163)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

29) Memory corruption

EUVDB-ID: #VU15022

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-7141)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

30) Memory corruption

EUVDB-ID: #VU15021

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-6915)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

31) Memory corruption

EUVDB-ID: #VU15020

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-6851)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

32) Memory corruption

EUVDB-ID: #VU15019

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-6850)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

33) Memory corruption

EUVDB-ID: #VU15018

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-6849)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

34) Memory corruption

EUVDB-ID: #VU15017

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-6848)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

35) Memory corruption

EUVDB-ID: #VU15016

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-6817)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

36) Memory corruption

EUVDB-ID: #VU15015

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-6524)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

37) Memory corruption

EUVDB-ID: #VU15014

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-6523)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

38) Memory corruption

EUVDB-ID: #VU15013

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-6522)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

39) Memory corruption

EUVDB-ID: #VU15012

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-6521)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

40) Memory corruption

EUVDB-ID: #VU15011

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-6520)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

41) Memory corruption

EUVDB-ID: #VU15010

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-6519)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

42) Memory corruption

EUVDB-ID: #VU15009

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-6518)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

43) Memory corruption

EUVDB-ID: #VU15008

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-6517)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

44) Memory corruption

EUVDB-ID: #VU15007

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-6514)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

45) Memory corruption

EUVDB-ID: #VU15006

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-6513)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

46) Memory corruption

EUVDB-ID: #VU15005

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-6512)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

47) Memory corruption

EUVDB-ID: #VU15004

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-6511)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

48) Memory corruption

EUVDB-ID: #VU15003

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-6509)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

49) Memory corruption

EUVDB-ID: #VU15002

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-6507)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

50) Memory corruption

EUVDB-ID: #VU15001

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-6506)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

51) Memory corruption

EUVDB-ID: #VU15000

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-6505)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

52) Memory corruption

EUVDB-ID: #VU14999

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-6504)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

53) Memory corruption

EUVDB-ID: #VU14998

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-6503)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

54) Memory corruption

EUVDB-ID: #VU14997

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-6502)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

55) Memory corruption

EUVDB-ID: #VU14996

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-6501)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

56) Memory corruption

EUVDB-ID: #VU14995

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-6487)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

57) Memory corruption

EUVDB-ID: #VU14994

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-6486)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

58) Memory corruption

EUVDB-ID: #VU14993

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-6485)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

59) Memory corruption

EUVDB-ID: #VU14992

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-6484)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

60) Memory corruption

EUVDB-ID: #VU14991

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-6483)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

61) Memory corruption

EUVDB-ID: #VU14990

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-6482)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

62) Memory corruption

EUVDB-ID: #VU14989

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-6481)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

63) Memory corruption

EUVDB-ID: #VU14988

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-6480)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

64) Memory corruption

EUVDB-ID: #VU14987

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-6479)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

65) Memory corruption

EUVDB-ID: #VU14986

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-6478)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

66) Memory corruption

EUVDB-ID: #VU14985

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-6477)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

67) Memory corruption

EUVDB-ID: #VU14984

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-6475)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

68) Memory corruption

EUVDB-ID: #VU14983

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-6473)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

69) Memory corruption

EUVDB-ID: #VU14982

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-6473)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

70) Memory corruption

EUVDB-ID: #VU14981

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-6472)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

71) Memory corruption

EUVDB-ID: #VU14980

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-6471)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

72) Memory corruption

EUVDB-ID: #VU14977

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-6455)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

73) Memory corruption

EUVDB-ID: #VU14976

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-6439)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

74) Memory corruption

EUVDB-ID: #VU14975

Risk: High

CVSSv3.1:

CVE-ID: CVE-2018-16292

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

75) Use-after-free

EUVDB-ID: #VU14974

Risk: High

CVSSv3.1:

CVE-ID: CVE-2018-16294

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

76) Use-after-free

EUVDB-ID: #VU14973

Risk: High

CVSSv3.1:

CVE-ID: CVE-2018-16297

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

77) Use-after-free

EUVDB-ID: #VU14972

Risk: High

CVSSv3.1:

CVE-ID: CVE-2018-16296

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

78) Use-after-free

EUVDB-ID: #VU14971

Risk: High

CVSSv3.1:

CVE-ID: CVE-2018-16295

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

79) Use-after-free

EUVDB-ID: #VU14970

Risk: High

CVSSv3.1:

CVE-ID: CVE-2018-16293

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

80) Use-after-free

EUVDB-ID: #VU14969

Risk: High

CVSSv3.1:

CVE-ID: CVE-2018-16291

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

81) Use-after-free

EUVDB-ID: #VU14968

Risk: High

CVSSv3.1:

CVE-ID: CVE-2018-3997

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

82) Use-after-free

EUVDB-ID: #VU14967

Risk: High

CVSSv3.1:

CVE-ID: CVE-2018-3996

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

83) Use-after-free

EUVDB-ID: #VU14966

Risk: High

CVSSv3.1:

CVE-ID: CVE-2018-3995

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

84) Use-after-free

EUVDB-ID: #VU14965

Risk: High

CVSSv3.1:

CVE-ID: CVE-2018-3994

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

85) Use-after-free

EUVDB-ID: #VU14964

Risk: High

CVSSv3.1:

CVE-ID: CVE-2018-3993

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

86) Use-after-free

EUVDB-ID: #VU14963

Risk: High

CVSSv3.1:

CVE-ID: CVE-2018-3967

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

87) Use-after-free

EUVDB-ID: #VU14962

Risk: High

CVSSv3.1:

CVE-ID: CVE-2018-3966

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

88) Use-after-free

EUVDB-ID: #VU14961

Risk: High

CVSSv3.1:

CVE-ID: CVE-2018-3965

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

89) Use-after-free

EUVDB-ID: #VU14960

Risk: High

CVSSv3.1:

CVE-ID: CVE-2018-3964

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

90) Use-after-free

EUVDB-ID: #VU14959

Risk: High

CVSSv3.1:

CVE-ID: CVE-2018-3961

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

91) Use-after-free

EUVDB-ID: #VU14958

Risk: High

CVSSv3.1:

CVE-ID: CVE-2018-3960

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

92) Use-after-free

EUVDB-ID: #VU14957

Risk: High

CVSSv3.1:

CVE-ID: CVE-2018-3959

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

93) Use-after-free

EUVDB-ID: #VU14956

Risk: High

CVSSv3.1:

CVE-ID: CVE-2018-3958

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

94) Use-after-free

EUVDB-ID: #VU14955

Risk: High

CVSSv3.1:

CVE-ID: CVE-2018-3962

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

95) Use-after-free

EUVDB-ID: #VU14954

Risk: High

CVSSv3.1:

CVE-ID: CVE-2018-3957

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

96) Use-after-free

EUVDB-ID: #VU14953

Risk: High

CVSSv3.1:

CVE-ID: CVE-2018-3946

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

97) Use-after-free

EUVDB-ID: #VU14952

Risk: High

CVSSv3.1:

CVE-ID: CVE-2018-3945

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

98) Use-after-free

EUVDB-ID: #VU14951

Risk: High

CVSSv3.1:

CVE-ID: CVE-2018-3944

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

99) Use-after-free

EUVDB-ID: #VU14950

Risk: High

CVSSv3.1:

CVE-ID: CVE-2018-3943

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

100) Use-after-free

EUVDB-ID: #VU14949

Risk: High

CVSSv3.1:

CVE-ID: CVE-2018-3942

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

101) Use-after-free

EUVDB-ID: #VU14948

Risk: High

CVSSv3.1:

CVE-ID: CVE-2018-3941

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

102) Use-after-free

EUVDB-ID: #VU14947

Risk: High

CVSSv3.1:

CVE-ID: CVE-2018-3940

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

103) Out-of-bounds read

EUVDB-ID: #VU14946

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-17622

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to a boundary error when processing Calculate events within PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and gain access to sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
http://www.zerodayinitiative.com/advisories/ZDI-18-1103/

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

104) Use-after-free

EUVDB-ID: #VU14945

Risk: High

CVSSv3.1:

CVE-ID: CVE-2018-17624

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing OCG objects within PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
http://www.zerodayinitiative.com/advisories/ZDI-18-1105/

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

105) Use-after-free

EUVDB-ID: #VU14944

Risk: High

CVSSv3.1:

CVE-ID: CVE-2018-17623

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing Link objects within PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
http://www.zerodayinitiative.com/advisories/ZDI-18-1104/

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

106) Use-after-free

EUVDB-ID: #VU14943

Risk: High

CVSSv3.1:

CVE-ID: CVE-2018-17621

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing Format events within PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
http://www.zerodayinitiative.com/advisories/ZDI-18-1102/

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

107) Use-after-free

EUVDB-ID: #VU14942

Risk: High

CVSSv3.1:

CVE-ID: CVE-2018-17620

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing Calculate events within PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
http://www.zerodayinitiative.com/advisories/ZDI-18-1101/

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

108) Use-after-free

EUVDB-ID: #VU14941

Risk: High

CVSSv3.1:

CVE-ID: CVE-2018-17619

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing Validate events within PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
http://www.zerodayinitiative.com/advisories/ZDI-18-1100/

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

109) Use-after-free

EUVDB-ID: #VU14940

Risk: High

CVSSv3.1:

CVE-ID: CVE-2018-17618

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing Selection Change events within PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
http://www.zerodayinitiative.com/advisories/ZDI-18-1099/

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

110) Use-after-free

EUVDB-ID: #VU14939

Risk: High

CVSSv3.1:

CVE-ID: CVE-2018-17617

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing onFocus events within PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
http://www.zerodayinitiative.com/advisories/ZDI-18-1098/

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

111) Use-after-free

EUVDB-ID: #VU14938

Risk: High

CVSSv3.1:

CVE-ID: CVE-2018-17616

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing onBlur events within PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
http://www.zerodayinitiative.com/advisories/ZDI-18-1097/

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

112) Use-after-free

EUVDB-ID: #VU14937

Risk: High

CVSSv3.1:

CVE-ID: CVE-2018-17615

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing Mouse Exit events within PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
http://www.zerodayinitiative.com/advisories/ZDI-18-1096/

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

113) Memory corruption

EUVDB-ID: #VU14936

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-7132)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

114) Memory corruption

EUVDB-ID: #VU14935

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-7131)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

115) Memory corruption

EUVDB-ID: #VU14934

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-7130)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

116) Memory corruption

EUVDB-ID: #VU14933

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-7129)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

117) Memory corruption

EUVDB-ID: #VU14932

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
(ZDI-CAN-7128)

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

118) Memory corruption

EUVDB-ID: #VU14931

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing PDF files within fxhtml2pdf. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php
http://www.zerodayinitiative.com/advisories/ZDI-18-1095/

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

119) Use-after-free

EUVDB-ID: #VU14930

Risk: High

CVSSv3.1:

CVE-ID: CVE-2018-17607

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing properties of Annotation objects within PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

120) Use-after-free

EUVDB-ID: #VU14929

Risk: High

CVSSv3.1:

CVE-ID: CVE-2018-17611

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing properties of Annotation objects within PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

121) Use-after-free

EUVDB-ID: #VU14928

Risk: High

CVSSv3.1:

CVE-ID: CVE-2018-17610

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing properties of Annotation objects within PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

122) Use-after-free

EUVDB-ID: #VU14927

Risk: High

CVSSv3.1:

CVE-ID: CVE-2018-17609

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing properties of Annotation objects within PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

123) Use-after-free

EUVDB-ID: #VU14926

Risk: High

CVSSv3.1:

CVE-ID: CVE-2018-17608

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing properties of Annotation objects within PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.2.0.9297

Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 9.2.0.9297


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###