Multiple vulnerabilities in Foxit Reader and PhantomPDF



Published: 2020-04-22
Risk High
Patch available YES
Number of vulnerabilities 18
CVE-ID CVE-2020-10889
CVE-2020-10913
CVE-2020-10912
CVE-2020-10911
CVE-2020-10910
CVE-2020-10909
CVE-2020-10908
CVE-2020-10891
CVE-2020-10899
CVE-2020-10900
CVE-2020-10906
CVE-2020-10907
CWE-ID CWE-200
CWE-799
CWE-416
CWE-835
CWE-347
CWE-843
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Foxit PDF Reader for Windows
Client/Desktop applications / Office applications

Foxit PDF Editor (formerly Foxit PhantomPDF)
Client/Desktop applications / Office applications

Vendor Foxit Software Inc.

Security Bulletin

This security bulletin contains information about 18 vulnerabilities.

1) Information disclosure

EUVDB-ID: #VU27062

Risk: Low

CVSSv3.1: 4.2 [CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to hardcoded credentials being used during HTTP request in DocuSign plugin. A remote attacker can gain intercept network traffic and gain access to sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.7.1.29511

Foxit PDF Editor (formerly Foxit PhantomPDF): 8.3.9.41099, 9.0 - 9.7.1.29511


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php?9.7.1.29511

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper control of interaction frequency

EUVDB-ID: #VU27063

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-799 - Improper Control of Interaction Frequency

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a brute-force attack.

The vulnerability exists due to CAS service allows unlimited number of attempts to guess credentials. A remote attacker can perform a brute-force attack and gain unauthorized access to the application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.7.1.29511

Foxit PDF Editor (formerly Foxit PhantomPDF): 8.3.9.41099, 9.0 - 9.7.1.29511


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php?9.7.1.29511

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use-after-free

EUVDB-ID: #VU27064

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger a user-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.7.1.29511

Foxit PDF Editor (formerly Foxit PhantomPDF): 8.3.9.41099, 9.0 - 9.7.1.29511


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php?9.7.1.29511

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Infinite loop

EUVDB-ID: #VU27065

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop when processing actions that contain circular reference in PDF files. A remote attacker can consume all available system resources and cause denial of service conditions.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.7.1.29511

Foxit PDF Editor (formerly Foxit PhantomPDF): 8.3.9.41099, 9.0 - 9.7.1.29511


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php?9.7.1.29511

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Infinite loop

EUVDB-ID: #VU27066

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop when parsing certain PDF file that contains irregular data in cross-reference stream or lengthy character strings in the content stream. A remote attacker can consume all available system resources and cause denial of service conditions.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.7.1.29511

Foxit PDF Editor (formerly Foxit PhantomPDF): 8.3.9.41099, 9.0 - 9.7.1.29511


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php?9.7.1.29511

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Improper Verification of Cryptographic Signature

EUVDB-ID: #VU27067

Risk: Medium

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-347 - Improper Verification of Cryptographic Signature

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to incorrect validation of signatures of PDF files. A remote attacker can bypass signature validation process and bypass implemented security restrictions.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.7.1.29511

Foxit PDF Editor (formerly Foxit PhantomPDF): 8.3.9.41099, 9.0 - 9.7.1.29511


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.php?9.7.1.29511

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Type Confusion

EUVDB-ID: #VU27068

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-10889

CWE-ID: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error within the handling of the DuplicatePages command of the communication API.. A remote attacker can create a specially crafted PDF file, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.7.1.29511

Foxit PDF Editor (formerly Foxit PhantomPDF): 8.3.9.41099, 9.0 - 9.7.1.29511


CPE2.3 External links

http://www.zerodayinitiative.com/advisories/ZDI-20-511/
http://www.foxitsoftware.com/support/security-bulletins.php?9.7.1.29511

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Type Confusion

EUVDB-ID: #VU27075

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-10913

CWE-ID: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error within the handling of the OCRAndExportToExcel command of the communication API. A remote attacker can create a specially crafted PDF file, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.7.1.29511

Foxit PDF Editor (formerly Foxit PhantomPDF): 8.3.9.41099, 9.0 - 9.7.1.29511


CPE2.3 External links

http://www.zerodayinitiative.com/advisories/ZDI-20-520/
http://www.foxitsoftware.com/support/security-bulletins.php?9.7.1.29511

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Type Confusion

EUVDB-ID: #VU27074

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-10912

CWE-ID: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error within the handling of the SetFieldValue command of the communication API. A remote attacker can create a specially crafted PDF file, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.7.1.29511

Foxit PDF Editor (formerly Foxit PhantomPDF): 8.3.9.41099, 9.0 - 9.7.1.29511


CPE2.3 External links

http://www.zerodayinitiative.com/advisories/ZDI-20-519/
http://www.foxitsoftware.com/support/security-bulletins.php?9.7.1.29511

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Type Confusion

EUVDB-ID: #VU27073

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-10911

CWE-ID: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error within the handling of the GetFieldValue command of the communication API. A remote attacker can create a specially crafted PDF file, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.7.1.29511

Foxit PDF Editor (formerly Foxit PhantomPDF): 8.3.9.41099, 9.0 - 9.7.1.29511


CPE2.3 External links

http://www.zerodayinitiative.com/advisories/ZDI-20-518/
http://www.foxitsoftware.com/support/security-bulletins.php?9.7.1.29511

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Type Confusion

EUVDB-ID: #VU27072

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-10910

CWE-ID: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error within the handling of the RotatePage command of the communication API. A remote attacker can create a specially crafted PDF file, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.7.1.29511

Foxit PDF Editor (formerly Foxit PhantomPDF): 8.3.9.41099, 9.0 - 9.7.1.29511


CPE2.3 External links

http://www.zerodayinitiative.com/advisories/ZDI-20-517/
http://www.foxitsoftware.com/support/security-bulletins.php?9.7.1.29511

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Type Confusion

EUVDB-ID: #VU27071

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-10909

CWE-ID: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error within the handling of the AddWatermark command of the communication API. A remote attacker can create a specially crafted PDF file, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.7.1.29511

Foxit PDF Editor (formerly Foxit PhantomPDF): 8.3.9.41099, 9.0 - 9.7.1.29511


CPE2.3 External links

http://www.zerodayinitiative.com/advisories/ZDI-20-516/
http://www.foxitsoftware.com/support/security-bulletins.php?9.7.1.29511

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Type Confusion

EUVDB-ID: #VU27070

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-10908

CWE-ID: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error within the handling of the Export command of the communication API. A remote attacker can create a specially crafted PDF file, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.7.1.29511

Foxit PDF Editor (formerly Foxit PhantomPDF): 8.3.9.41099, 9.0 - 9.7.1.29511


CPE2.3 External links

http://www.zerodayinitiative.com/advisories/ZDI-20-515/
http://www.foxitsoftware.com/support/security-bulletins.php?9.7.1.29511

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Type Confusion

EUVDB-ID: #VU27069

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-10891

CWE-ID: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error within the handling of the Save command of the communication API. A remote attacker can create a specially crafted PDF file, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.7.1.29511

Foxit PDF Editor (formerly Foxit PhantomPDF): 8.3.9.41099, 9.0 - 9.7.1.29511


CPE2.3 External links

http://www.zerodayinitiative.com/advisories/ZDI-20-514/
http://www.foxitsoftware.com/support/security-bulletins.php?9.7.1.29511

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Use-after-free

EUVDB-ID: #VU27092

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-10899

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the processing of XFA templates. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.7.1.29511

Foxit PDF Editor (formerly Foxit PhantomPDF): 8.3.9.41099, 9.0 - 9.7.1.29511


CPE2.3 External links

http://www.zerodayinitiative.com/advisories/ZDI-20-527/
http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Use-after-free

EUVDB-ID: #VU27091

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-10900

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the processing of AcroForms. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.7.1.29511

Foxit PDF Editor (formerly Foxit PhantomPDF): 8.3.9.41099, 9.0 - 9.7.1.29511


CPE2.3 External links

http://www.zerodayinitiative.com/advisories/ZDI-20-528/
http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Use-after-free

EUVDB-ID: #VU27090

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-10906

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the resetForm method. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.7.1.29511

Foxit PDF Editor (formerly Foxit PhantomPDF): 8.3.9.41099, 9.0 - 9.7.1.29511


CPE2.3 External links

http://www.zerodayinitiative.com/advisories/ZDI-20-534/
http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Use-after-free

EUVDB-ID: #VU27089

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-10907

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the handling of widgets in XFA forms. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 9.7.1.29511

Foxit PDF Editor (formerly Foxit PhantomPDF): 8.3.9.41099, 9.0 - 9.7.1.29511


CPE2.3 External links

http://www.zerodayinitiative.com/advisories/ZDI-20-535/
http://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###