CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2018-17688 – Foxit PhantomPDF setItems Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-17688
11 Oct 2018 — This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the setItems method of a ComboBox. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to ex... • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2018-17692 – Foxit PhantomPDF HTML2PDF HTML Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-17692
11 Oct 2018 — This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of HTML files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerab... • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2018-17705 – Foxit Reader display Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-17705
11 Oct 2018 — This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the display property of CheckBox objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to... • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-416: Use After Free •
CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 0CVE-2018-17627 – Foxit Reader XFA mouseUp Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-17627
11 Oct 2018 — This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the XFA mouseUp event. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in th... • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2018-17672 – Foxit Reader array Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-17672
11 Oct 2018 — This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of array indices. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the contex... • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2018-17685 – Foxit Reader openPlayer Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-17685
11 Oct 2018 — This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the conte... • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-704: Incorrect Type Conversion or Cast CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2018-16295
https://notcve.org/view.php?id=CVE-2018-16295
08 Oct 2018 — An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16291, CVE-2018-16292, CVE-2018-16293, CVE-2018-16294, CVE-2018-16296, and CVE-2018-16297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin e... • http://www.securitytracker.com/id/1041769 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2018-16296
https://notcve.org/view.php?id=CVE-2018-16296
08 Oct 2018 — An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16291, CVE-2018-16292, CVE-2018-16293, CVE-2018-16294, CVE-2018-16295, and CVE-2018-16297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin e... • http://www.securitytracker.com/id/1041769 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2018-16297
https://notcve.org/view.php?id=CVE-2018-16297
08 Oct 2018 — An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16291, CVE-2018-16292, CVE-2018-16293, CVE-2018-16294, CVE-2018-16295, and CVE-2018-16296. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin e... • http://www.securitytracker.com/id/1041769 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1CVE-2018-3942
https://notcve.org/view.php?id=CVE-2018-3942
08 Oct 2018 — An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. Existe una vulnerabilidad explotable de uso de memoria previamente liberada en el motor JavaScript de Foxit PDF Reader, de Foxit Software, en su versión 9.1... • http://www.securitytracker.com/id/1041769 • CWE-416: Use After Free •