CVE-2018-14252 – Foxit Reader getField Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-14252
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getField method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. • https://www.foxitsoftware.com/support/security-bulletins.php https://zerodayinitiative.com/advisories/ZDI-18-712 • CWE-704: Incorrect Type Conversion or Cast CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2018-14253 – Foxit Reader getIcon Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-14253
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getIcon method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. • https://www.foxitsoftware.com/support/security-bulletins.php https://zerodayinitiative.com/advisories/ZDI-18-713 • CWE-704: Incorrect Type Conversion or Cast CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2018-14254 – Foxit Reader getLinks Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-14254
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getLinks method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. • https://www.foxitsoftware.com/support/security-bulletins.php https://zerodayinitiative.com/advisories/ZDI-18-714 • CWE-704: Incorrect Type Conversion or Cast CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2018-14255 – Foxit Reader getNthFieldName Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-14255
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getNthFieldName method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. • https://www.foxitsoftware.com/support/security-bulletins.php https://zerodayinitiative.com/advisories/ZDI-18-715 • CWE-704: Incorrect Type Conversion or Cast CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2018-14256 – Foxit Reader getOCGs Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-14256
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getOCGs method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. • https://www.foxitsoftware.com/support/security-bulletins.php https://zerodayinitiative.com/advisories/ZDI-18-716 • CWE-704: Incorrect Type Conversion or Cast CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •