Multiple vulnerabilities in Foxit Reader and PhantomPDF



Published: 2021-05-06 | Updated: 2021-06-01
Risk High
Patch available YES
Number of vulnerabilities 14
CVE-ID CVE-2021-21822
CVE-2021-31476
CWE-ID CWE-119
CWE-835
CWE-20
CWE-59
CWE-416
CWE-427
CWE-787
CWE-552
CWE-89
CWE-457
CWE-122
CWE-843
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Foxit PDF Reader for Windows
Client/Desktop applications / Office applications

Foxit PDF Editor (formerly Foxit PhantomPDF)
Client/Desktop applications / Office applications

Vendor Foxit Software Inc.

Security Bulletin

This security bulletin contains information about 14 vulnerabilities.

Updated: 06.05.2021

Added vulnerabilities #6-13.

Updated: 01.06.2021

Added vulnerability #14.

1) Buffer overflow

EUVDB-ID: #VU52936

Risk: Medium

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when exporting certain PDF files to other formats. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 10.1.3.37598

Foxit PDF Editor (formerly Foxit PhantomPDF): 10.0.0.35798 - 10.1.3.37598, 9.0.0.29935 - 9.7.5.29616


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.html?Security+updates+available+in+Foxit+Reader+10.1.4+and+Foxit+PhantomPDF+10.1.42021-05-06+00%3A00%3A00

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

2) Infinite loop

EUVDB-ID: #VU52937

Risk: Low

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop when handling certain XFA forms or link objects. A remote attacker can use a specially crafted PDF file to consume all available system resources and cause denial of service conditions.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 10.1.3.37598

Foxit PDF Editor (formerly Foxit PhantomPDF): 10.0.0.35798 - 10.1.3.37598, 9.0.0.29935 - 9.7.5.29616


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.html?Security+updates+available+in+Foxit+Reader+10.1.4+and+Foxit+PhantomPDF+10.1.42021-05-06+00%3A00%3A00

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

3) Input validation error

EUVDB-ID: #VU52938

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to  use of incorrect parameters or objects without proper validation in the implementation of certain functions in JavaScript. A remote attacker can create a specially crafted PDF file, trick the victim into opening it and execute arbitrary code on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 10.1.3.37598

Foxit PDF Editor (formerly Foxit PhantomPDF): 10.0.0.35798 - 10.1.3.37598, 9.0.0.29935 - 9.7.5.29616


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.html?Security+updates+available+in+Foxit+Reader+10.1.4+and+Foxit+PhantomPDF+10.1.42021-05-06+00%3A00%3A00

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

4) Link following

EUVDB-ID: #VU52940

Risk: Low

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-59 - Improper Link Resolution Before File Access ('Link Following')

Exploit availability: No

Description

The vulnerability allows a local user to delete arbitrary files on the system.

The vulnerability exists due to the way the application handles symbolic links. A local user can create  symbolic links to critical files on the system and delete them, when the system administrator uninstalls the application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 10.1.3.37598

Foxit PDF Editor (formerly Foxit PhantomPDF): 10.0.0.35798 - 10.1.3.37598, 9.0.0.29935 - 9.7.5.29616


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.html?Security+updates+available+in+Foxit+Reader+10.1.4+and+Foxit+PhantomPDF+10.1.42021-05-06+00%3A00%3A00

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

5) Use-after-free

EUVDB-ID: #VU52935

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-21822

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when handling certain XFA forms or annotation objects. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 10.1.3.37598

Foxit PDF Editor (formerly Foxit PhantomPDF): 10.0.0.35798 - 10.1.3.37598, 9.0.0.29935 - 9.7.5.29616


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.html?Security+updates+available+in+Foxit+Reader+10.1.4+and+Foxit+PhantomPDF+10.1.42021-05-06+00%3A00%3A00
http://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1287

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

6) Insecure DLL loading

EUVDB-ID: #VU52951

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-427 - Uncontrolled Search Path Element

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to the application loads DLL libraries in an insecure manner. A remote attacker can place a specially crafted .dll file on a remote SMB fileshare, trick the victim into opening a file, associated with the vulnerable application, and execute arbitrary code on victim's system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 10.1.3.37598

Foxit PDF Editor (formerly Foxit PhantomPDF): 10.0.0.35798 - 10.1.3.37598, 9.0 - 9.7.5.29616


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.html?Security+updates+available+in+Foxit+Reader+10.1.4+and+Foxit+PhantomPDF+10.1.42021-05-06+00%3A00%3A00

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

7) Out-of-bounds write

EUVDB-ID: #VU52952

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when handling certain JavaScripts or XFA forms in PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 10.1.3.37598

Foxit PDF Editor (formerly Foxit PhantomPDF): 10.0.0.35798 - 10.1.3.37598, 9.0 - 9.7.5.29616


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.html?Security+updates+available+in+Foxit+Reader+10.1.4+and+Foxit+PhantomPDF+10.1.42021-05-06+00%3A00%3A00

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

8) Out-of-bounds write

EUVDB-ID: #VU52953

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when parsing certain PDF files that contain nonstandard /Size key value in the Trailer dictionary. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 10.1.3.37598

Foxit PDF Editor (formerly Foxit PhantomPDF): 10.0.0.35798 - 10.1.3.37598, 9.0 - 9.7.5.29616


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.html?Security+updates+available+in+Foxit+Reader+10.1.4+and+Foxit+PhantomPDF+10.1.42021-05-06+00%3A00%3A00

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

9) Out-of-bounds write

EUVDB-ID: #VU52954

Risk: Low

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: No

Description

The vulnerability allows a remote attacker to preform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error when converting certain PDF files to Microsoft Office files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger out-of-bounds write and crash the application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 10.1.3.37598

Foxit PDF Editor (formerly Foxit PhantomPDF): 10.0.0.35798 - 10.1.3.37598, 9.0 - 9.7.5.29616


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.html?Security+updates+available+in+Foxit+Reader+10.1.4+and+Foxit+PhantomPDF+10.1.42021-05-06+00%3A00%3A00

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

10) Files or Directories Accessible to External Parties

EUVDB-ID: #VU52955

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-552 - Files or Directories Accessible to External Parties

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to the application fails to restrict the file type and validate the file path in extractPages and CombineFiles functions. A remote attacker can create a specially crafted PDF file, trick the victim into opening it and overwrite arbitrary files on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise the affected system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 10.1.3.37598

Foxit PDF Editor (formerly Foxit PhantomPDF): 10.0.0.35798 - 10.1.3.37598, 9.0 - 9.7.5.29616


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.html?Security+updates+available+in+Foxit+Reader+10.1.4+and+Foxit+PhantomPDF+10.1.42021-05-06+00%3A00%3A00

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

11) SQL injection

EUVDB-ID: #VU52956

Risk: Low

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists due to insufficient sanitization of user-supplied data when processing strings inside PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it and insert or delete databases by inserting codes at the end of the strings.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 10.1.3.37598

Foxit PDF Editor (formerly Foxit PhantomPDF): 10.0.0.35798 - 10.1.3.37598, 9.0 - 9.7.5.29616


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.html?Security+updates+available+in+Foxit+Reader+10.1.4+and+Foxit+PhantomPDF+10.1.42021-05-06+00%3A00%3A00

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

12) Use of Uninitialized Variable

EUVDB-ID: #VU52957

Risk: Low

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-457 - Use of Uninitialized Variable

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to the array access violation resulting from the discrepant information in the form control when users press the Tab key to get focus on a field and input new text in certain XFA forms. A remote attacker can trick the victim into opening a specially crafted PDF file and gain access to sensitive information or crash the application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 10.1.3.37598

Foxit PDF Editor (formerly Foxit PhantomPDF): 10.0.0.35798 - 10.1.3.37598, 9.0 - 9.7.5.29616


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.html?Security+updates+available+in+Foxit+Reader+10.1.4+and+Foxit+PhantomPDF+10.1.42021-05-06+00%3A00%3A00

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

13) Heap-based buffer overflow

EUVDB-ID: #VU52958

Risk: High

CVSSv3.1:

CVE-ID: N/A

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to the logic error or improper handling of elements when working with certain PDF files that define excessively large value in the file attribute or contain negative leadDigits value in the file attribute. A remote attacker can create specially crafted PDF file, trick the victim into opening it, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Reader for Windows: 9.0 - 10.1.3.37598

Foxit PDF Editor (formerly Foxit PhantomPDF): 10.0.0.35798 - 10.1.3.37598, 9.0 - 9.7.5.29616


CPE2.3 External links

http://www.foxitsoftware.com/support/security-bulletins.html?Security+updates+available+in+Foxit+Reader+10.1.4+and+Foxit+PhantomPDF+10.1.42021-05-06+00%3A00%3A00

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

14) Type Confusion

EUVDB-ID: #VU53684

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-31476

CWE-ID: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error within the handling of XFA templates. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Foxit PDF Editor (formerly Foxit PhantomPDF): 10.0.0.35798 - 10.1.3.37598, 9.0 - 9.7.5.29616

Foxit PDF Reader for Windows: 9.0 - 10.1.3.37598


CPE2.3 External links

http://www.zerodayinitiative.com/advisories/ZDI-21-614/
http://www.foxit.com/support/security-bulletins.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###