Arbitrary code execution in Foxit PDF Reader for Windows and Foxit PDF Editor (formerly Foxit PhantomPDF) - #VU1029
Published: October 19, 2016
Vulnerability identifier: #VU1029
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: N/A
CWE-ID: CWE-416
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Foxit Software Inc.
Affected software:
Foxit PDF Reader for Windows
Foxit PDF Editor (formerly Foxit PhantomPDF)
Foxit PDF Reader for Windows
Foxit PDF Editor (formerly Foxit PhantomPDF)
Detailed vulnerability description
The vulnerability allows a remote unauthenticated user to execute arbitrary code on the target system.
The weakness is due to use-after-free and lets attackers to execute arbitrary code.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
The weakness is due to use-after-free and lets attackers to execute arbitrary code.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Remediation
Update Foxit Reader to version 8.1.
Update Foxit PhantomPDF to version 8.1.
Update Foxit PhantomPDF to version 8.1.