Page 109 of 547 results (0.006 seconds)

CVSS: 7.8EPSS: 7%CPEs: 2EXPL: 0

Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via a crafted FlateDecode stream in a PDF document. Vulnerabilidad de uso después de liberación de memoria en Foxit Reader y PhantomPDF en versiones anteriores a 7.3.4 en Windows permite a atacantes remotos ejecutar código arbitrario a través de un flujo FlateDecode modificado en un documento PDF. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within FlateDecode. A specially crafted PDF with a specific FlateDecode stream can force a dangling pointer to be reused after it has been freed. • http://www.securityfocus.com/bid/85379 http://www.zerodayinitiative.com/advisories/ZDI-16-221 https://www.foxitsoftware.com/support/security-bulletins.php •

CVSS: 7.8EPSS: 10%CPEs: 2EXPL: 0

Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via an object with a revision number of -1 in a PDF document. Vulnerabilidad de uso después de liberación de memoria en Foxit Reader y PhantomPDF en versiones anteriores a 7.3.4 en Windows permite a atacantes remotos ejecutar código arbitrario a través de un objeto con un número de revisión de -1 en un documento PDF. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the object's revision number. A specially crafted object with a specific revision number in a PDF file can force a dangling pointer to be reused after it has been freed. • http://www.securityfocus.com/bid/85379 http://www.zerodayinitiative.com/advisories/ZDI-16-219 http://www.zerodayinitiative.com/advisories/ZDI-16-220 https://www.foxitsoftware.com/support/security-bulletins.php •

CVSS: 7.8EPSS: 9%CPEs: 2EXPL: 0

Use-after-free vulnerability in the XFA forms handling functionality in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via a crafted remerge call. Vulnerabilidad de uso después de liberación de memoria en la funcionalidad de manejo de formularios XFA en Foxit Reader y PhantomPDF en versiones anteriores a 7.3.4 en Windows permite a atacantes remotos ejecutar código arbitrario a través de una llamada remerge manipulada. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA forms. A specially crafted remerge call can force a dangling pointer to be reused after it has been freed. • http://www.securityfocus.com/bid/85379 http://www.zerodayinitiative.com/advisories/ZDI-16-215 https://www.foxitsoftware.com/support/security-bulletins.php • CWE-284: Improper Access Control •

CVSS: 6.8EPSS: 12%CPEs: 2EXPL: 0

Multiple use-after-free vulnerabilities in the (1) Print method and (2) App object handling in Foxit Reader before 7.2.2 and Foxit PhantomPDF before 7.2.2 allow remote attackers to execute arbitrary code via a crafted PDF document. Múltiples vulnerabilidades de uso después de liberación de memoria en (1) el método Print y (2) el manejador de objetos App en Foxit Reader en versiones anteriores a 7.2.2 y Foxit PhantomPDF en versiones anteriores a 7.2.2 permite a atacantes remotos ejecutar código arbitrario a través de un documento PDF manipulado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the App object. A specially crafted PDF document can force a dangling pointer to be reused after it has been freed. • http://www.zerodayinitiative.com/advisories/ZDI-15-622 http://www.zerodayinitiative.com/advisories/ZDI-15-623 https://www.foxitsoftware.com/support/security-bulletins.php#FRD-34 •

CVSS: 4.3EPSS: 2%CPEs: 3EXPL: 3

Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted GIF in a PDF file. Foxit Reader, Enterprise Reader, y PhantomPDF anterior a 7.1.5 permiten a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída) a través de un GIF manipulado en un fichero PDF. • https://www.exploit-db.com/exploits/36859 http://packetstormsecurity.com/files/131685/Foxit-Reader-7.1.3.320-Memory-Corruption.html http://protekresearchlab.com/PRL-2015-05 http://www.foxitsoftware.com/support/security_bulletins.php#FRD-27 http://www.securityfocus.com/bid/74418 http://www.securitytracker.com/id/1032229 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •