Risk | High |
Patch available | YES |
Number of vulnerabilities | 14 |
CVE-ID | CVE-2021-21822 CVE-2021-31476 |
CWE-ID | CWE-119 CWE-835 CWE-20 CWE-59 CWE-416 CWE-427 CWE-787 CWE-552 CWE-89 CWE-457 CWE-122 CWE-843 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
Foxit PDF Reader for Windows Client/Desktop applications / Office applications Foxit PDF Editor (formerly Foxit PhantomPDF) Client/Desktop applications / Office applications |
Vendor | Foxit Software Inc. |
Security Bulletin
This security bulletin contains information about 14 vulnerabilities.
Updated: 06.05.2021
Added vulnerabilities #6-13.
Updated: 01.06.2021
Added vulnerability #14.
EUVDB-ID: #VU52936
Risk: Medium
CVSSv3.1:
CVE-ID: N/A
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when exporting certain PDF files to other formats. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsFoxit PDF Reader for Windows: 9.0 - 10.1.3.37598
Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0.0.29935 - 10.1.3.37598
Fixed software versionsCPE2.3 External links
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU52937
Risk: Low
CVSSv3.1:
CVE-ID: N/A
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop when handling certain XFA forms or link objects. A remote attacker can use a specially crafted PDF file to consume all available system resources and cause denial of service conditions.
MitigationInstall updates from vendor's website.
Vulnerable software versionsFoxit PDF Reader for Windows: 9.0 - 10.1.3.37598
Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0.0.29935 - 10.1.3.37598
Fixed software versionsCPE2.3 External links
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU52938
Risk: High
CVSSv3.1:
CVE-ID: N/A
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to use of incorrect parameters or objects without proper validation in the implementation of certain functions in JavaScript. A remote attacker can create a specially crafted PDF file, trick the victim into opening it and execute arbitrary code on the system.
Install updates from vendor's website.
Vulnerable software versionsFoxit PDF Reader for Windows: 9.0 - 10.1.3.37598
Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0.0.29935 - 10.1.3.37598
Fixed software versionsCPE2.3 External links
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU52940
Risk: Low
CVSSv3.1:
CVE-ID: N/A
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a local user to delete arbitrary files on the system.
The vulnerability exists due to the way the application handles symbolic links. A local user can create symbolic links to critical files on the system and delete them, when the system administrator uninstalls the application.
Install updates from vendor's website.
Vulnerable software versionsFoxit PDF Reader for Windows: 9.0 - 10.1.3.37598
Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0.0.29935 - 10.1.3.37598
Fixed software versionsCPE2.3 External links
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU52935
Risk: High
CVSSv3.1:
CVE-ID: CVE-2021-21822
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when handling certain XFA forms or annotation objects. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsFoxit PDF Reader for Windows: 9.0 - 10.1.3.37598
Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0.0.29935 - 10.1.3.37598
Fixed software versionsCPE2.3 External links
http://www.foxitsoftware.com/support/security-bulletins.html?Security+updates+available+in+Foxit+Reader+10.1.4+and+Foxit+PhantomPDF+10.1.42021-05-06+00%3A00%3A00
http://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1287
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU52951
Risk: High
CVSSv3.1:
CVE-ID: N/A
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to the application loads DLL libraries in an insecure manner. A remote attacker can place a specially crafted .dll file on a remote SMB fileshare, trick the victim into opening a file, associated with the vulnerable application, and execute arbitrary code on victim's system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsFoxit PDF Reader for Windows: 9.0 - 10.1.3.37598
Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 10.1.3.37598
Fixed software versionsCPE2.3 External links
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU52952
Risk: High
CVSSv3.1:
CVE-ID: N/A
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when handling certain JavaScripts or XFA forms in PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsFoxit PDF Reader for Windows: 9.0 - 10.1.3.37598
Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 10.1.3.37598
Fixed software versionsCPE2.3 External links
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU52953
Risk: High
CVSSv3.1:
CVE-ID: N/A
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when parsing certain PDF files that contain nonstandard /Size key value in the Trailer dictionary. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsFoxit PDF Reader for Windows: 9.0 - 10.1.3.37598
Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 10.1.3.37598
Fixed software versionsCPE2.3 External links
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU52954
Risk: Low
CVSSv3.1:
CVE-ID: N/A
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to preform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when converting certain PDF files to Microsoft Office files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger out-of-bounds write and crash the application.
Install updates from vendor's website.
Vulnerable software versionsFoxit PDF Reader for Windows: 9.0 - 10.1.3.37598
Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 10.1.3.37598
Fixed software versionsCPE2.3 External links
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU52955
Risk: High
CVSSv3.1:
CVE-ID: N/A
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to the application fails to restrict the file type and validate the file path in extractPages and CombineFiles functions. A remote attacker can create a specially crafted PDF file, trick the victim into opening it and overwrite arbitrary files on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise the affected system.
Install updates from vendor's website.
Vulnerable software versionsFoxit PDF Reader for Windows: 9.0 - 10.1.3.37598
Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 10.1.3.37598
Fixed software versionsCPE2.3 External links
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU52956
Risk: Low
CVSSv3.1:
CVE-ID: N/A
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
The vulnerability exists due to insufficient sanitization of user-supplied data when processing strings inside PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it and insert or delete databases by inserting codes at the end of the strings.
Install updates from vendor's website.
Vulnerable software versionsFoxit PDF Reader for Windows: 9.0 - 10.1.3.37598
Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 10.1.3.37598
Fixed software versionsCPE2.3 External links
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU52957
Risk: Low
CVSSv3.1:
CVE-ID: N/A
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to the array access violation resulting from the discrepant information in
the form control when users press the Tab key to get focus on a field
and input new text in certain XFA forms. A remote attacker can trick the victim into opening a specially crafted PDF file and gain access to sensitive information or crash the application.
Install updates from vendor's website.
Vulnerable software versionsFoxit PDF Reader for Windows: 9.0 - 10.1.3.37598
Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 10.1.3.37598
Fixed software versionsCPE2.3 External links
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU52958
Risk: High
CVSSv3.1:
CVE-ID: N/A
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to the logic error or improper handling of elements when working with certain PDF files that define excessively large value in the file attribute or contain negative leadDigits value in the file attribute. A remote attacker can create specially crafted PDF file, trick the victim into opening it, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsFoxit PDF Reader for Windows: 9.0 - 10.1.3.37598
Foxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 10.1.3.37598
Fixed software versionsCPE2.3 External links
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU53684
Risk: High
CVSSv3.1:
CVE-ID: CVE-2021-31476
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error within the handling of XFA templates. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsFoxit PDF Editor (formerly Foxit PhantomPDF): 9.0 - 10.1.3.37598
Foxit PDF Reader for Windows: 9.0 - 10.1.3.37598
Fixed software versionsCPE2.3 External links
http://www.zerodayinitiative.com/advisories/ZDI-21-614/
http://www.foxit.com/support/security-bulletins.html
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?