CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-28203
https://notcve.org/view.php?id=CVE-2020-28203
An issue was discovered in Foxit Reader and PhantomPDF 10.1.0.37527 and earlier. There is a null pointer access/dereference while opening a crafted PDF file, leading the application to crash (denial of service). Se detectó un problema en Foxit Reader y PhantomPDF versiones10.1.0.37527 y anteriores. Se presenta un acceso y desreferenciación del puntero null al abrir un archivo PDF diseñado, conllevando a que la aplicación se bloquee (denegación de servicio) • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-27860 – Foxit Reader XFA Template Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-27860
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.0.1.35811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of XFA templates. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.foxitsoftware.com/support/security-bulletins.html https://www.zerodayinitiative.com/advisories/ZDI-20-1415 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 2CVE-2020-14425 – Foxit Reader 9.7.1 - Remote Command Execution (Javascript API)
https://notcve.org/view.php?id=CVE-2020-14425
Foxit Reader before 10.0 allows Remote Command Execution via the app.opencPDFWebPage JavsScript API. An attacker can execute local files and bypass the security dialog. Foxit Reader versiones anteriores a 10.0, permite una Ejecución de Comandos Remota por medio de la API JavsScript app.opencPDFWebPage. Un atacante puede ejecutar archivos locales y omitir el cuadro de diálogo de seguridad Foxit Reader version 9.7.1 suffers from a remote command execution vulnerability. • https://www.exploit-db.com/exploits/48982 http://packetstormsecurity.com/files/159784/Foxit-Reader-9.7.1-Remote-Command-Execution.html https://www.foxitsoftware.com/support/security-bulletins.php •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-17427 – Foxit Studio Photo NEF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-17427
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of NEF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.foxitsoftware.com/support/security-bulletins.html https://www.zerodayinitiative.com/advisories/ZDI-20-1338 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-17419 – Foxit Studio Photo NEF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-17419
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of NEF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.foxitsoftware.com/support/security-bulletins.html https://www.zerodayinitiative.com/advisories/ZDI-20-1330 • CWE-787: Out-of-bounds Write •