CVE-2019-13320 – Foxit Reader AcroForm Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-13320
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.foxitsoftware.com/support/security-bulletins.php https://www.zerodayinitiative.com/advisories/ZDI-19-637 • CWE-416: Use After Free •
CVE-2019-6776 – Foxit PhantomPDF addWatermarkFromText Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-6776
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method when processing watermarks within AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. • https://www.foxitsoftware.com/support/security-bulletins.php https://www.zerodayinitiative.com/advisories/ZDI-19-631 • CWE-416: Use After Free •
CVE-2019-13317 – Foxit PhantomPDF Button Calculate Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-13317
This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Calculate actions. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.foxitsoftware.com/support/security-bulletins.php https://www.zerodayinitiative.com/advisories/ZDI-19-634 • CWE-416: Use After Free •
CVE-2019-13319 – Foxit Reader XFA Form Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-13319
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of XFA forms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.foxitsoftware.com/support/security-bulletins.php https://www.zerodayinitiative.com/advisories/ZDI-19-636 • CWE-416: Use After Free •
CVE-2017-3027
https://notcve.org/view.php?id=CVE-2017-3027
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in the XFA module, related to the choiceList element. Successful exploitation could lead to arbitrary code execution. Las versiones de Adobe Acrobat Reader 11.0.19 y anteriores, 15.006.30280 y anteriores, 15.023.20070 y anteriores tienen un uso explotable después de la vulnerabilidad gratuita en el módulo XFA, relacionado con el elemento choiceList. Una explotación exitosa podría conducir a la ejecución arbitraria de código. • http://www.securityfocus.com/bid/97550 http://www.securitytracker.com/id/1038228 https://helpx.adobe.com/security/products/acrobat/apsb17-11.html • CWE-416: Use After Free •