Main Vulnerability Database Vulnerabilities #VU12041

Use-after-free error in Foxit PDF Reader for Windows and Foxit PDF Editor (formerly Foxit PhantomPDF) - CVE-2017-14458

Published: April 20, 2018

Vulnerability identifier: #VU12041

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2017-14458

CWE-ID: CWE-416

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Foxit Software Inc.

Affected software:
Foxit PDF Reader for Windows
Foxit PDF Editor (formerly Foxit PhantomPDF)

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to the use of freed object when executing JavaScript or invoking certain functions to get object properties. A remote attacker can trigger use-after-free error and execute arbitrary code.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

How to mitigate CVE-2017-14458

Update to version 9.1.

Sources

https://www.foxitsoftware.com/support/security-bulletins.php

Use-after-free error in Foxit PDF Reader for Windows and Foxit PDF Editor (formerly Foxit PhantomPDF) - CVE-2017-14458

Detailed vulnerability description

How to mitigate CVE-2017-14458

Sources

Please verify you're human