Multiple vulnerabilities in 3D Plugin Beta for Foxit Reader or Foxit PhantomPDF
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | N/A |
| CWE-ID | CWE-787 CWE-122 CWE-125 CWE-190 CWE-843 CWE-416 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
3D Plugin Beta Web applications / Modules and components for CMS |
| Vendor | Foxit Software Inc. |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Out-of-bounds write
EUVDB-ID: #VU16804
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to the improper handling of logic exception in IFXASSERT function when handling certain PDF file that embeds specifically crafted 3D content. A remote attacker can trick the victim into processing a specially crafted PDF file, trigger out-of-bounds write and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
MitigationUpdate to version 9.4.0.16807.
Vulnerable software versions3D Plugin Beta: 8.3.8.1122 - 9.3.0.10830
External linkshttp://www.foxitsoftware.com/support/security-bulletins.php
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Out-of-bounds read
EUVDB-ID: #VU16805
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to out-of-bounds read when handling certain PDF file that embeds specifically crafted 3D content. A remote attacker can trick the victim into processing a specially crafted PDF file, trigger heap-based buffer overflow and cause the service to crash.
MitigationUpdate to version 9.4.0.16807.
Vulnerable software versions3D Plugin Beta: 8.3.8.1122 - 9.3.0.10830
External linkshttp://www.foxitsoftware.com/support/security-bulletins.php
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Integer overflow
EUVDB-ID: #VU16806
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to the free of valid memory when handling certain PDF file that embeds specifically crafted 3D content. A remote attacker can trick the victim into processing a specially crafted PDF file, trigger integer overflow and cause the service to crash.
MitigationUpdate to version 9.4.0.16807.
Vulnerable software versions3D Plugin Beta: 8.3.8.1122 - 9.3.0.10830
External linkshttp://www.foxitsoftware.com/support/security-bulletins.php
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Use-after-free error
EUVDB-ID: #VU16807
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to the use of wild pointer when handing certain PDF file that embeds specifically crafted 3D content. A remote attacker can trick the victim into processing a specially crafted PDF file, trigger use-after-free error or type confusion error and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update to version 9.4.0.16807.
Vulnerable software versions3D Plugin Beta: 8.3.8.1122 - 9.3.0.10830
External linkshttp://www.foxitsoftware.com/support/security-bulletins.php
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
