Arbitrary code execution in Foxit PDF Reader for Windows and Foxit PDF Editor (formerly Foxit PhantomPDF) - #VU1028
Published: October 19, 2016 / Updated: October 19, 2016
Vulnerability identifier: #VU1028
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: N/A
CWE-ID: CWE-125
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Foxit Software Inc.
Affected software:
Foxit PDF Reader for Windows
Foxit PDF Editor (formerly Foxit PhantomPDF)
Foxit PDF Reader for Windows
Foxit PDF Editor (formerly Foxit PhantomPDF)
Detailed vulnerability description
The vulnerability allows a remote unauthenticated user to execute arbitrary code on the target system.
The weakness is due to out-of bounds read or out-of-bounds write that lets attackers to access potentially sensitive onformation and execute arbitrary code.
Successful exploitation of the vulnerability results in information disclosure and arbitrary code execution on the vulnerable system.
The weakness is due to out-of bounds read or out-of-bounds write that lets attackers to access potentially sensitive onformation and execute arbitrary code.
Successful exploitation of the vulnerability results in information disclosure and arbitrary code execution on the vulnerable system.
Remediation
Update Foxit Reader to version 8.1.
Update Foxit PhantomPDF to version 8.1.
Update Foxit PhantomPDF to version 8.1.