CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-9973 – Foxit Reader ePub Parsing Out-of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2018-9973
20 Apr 2018 — This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ePub files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction wit... • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-9974 – Foxit Reader ConvertToPDF_x86 BMP Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-9974
20 Apr 2018 — This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the c... • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-9975 – Foxit Reader shift event Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-9975
20 Apr 2018 — This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of shift events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the cont... • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-416: Use After Free •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0CVE-2018-1176 – Foxit Reader ePub Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-1176
20 Apr 2018 — This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ePub files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute... • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 87%CPEs: 2EXPL: 7CVE-2018-9948 – Foxit Reader Typed Array Uninitialized Pointer Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2018-9948
20 Apr 2018 — This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of typed arrays. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute code in ... • https://packetstorm.news/files/id/148947 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-824: Access of Uninitialized Pointer •
CVSS: 8.8EPSS: 86%CPEs: 2EXPL: 9CVE-2018-9958 – Foxit Reader Text Annotations point Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-9958
20 Apr 2018 — This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Text Annotations. When setting the point attribute, the process does not properly validate the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability... • https://packetstorm.news/files/id/160240 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 48%CPEs: 1EXPL: 1CVE-2018-3843
https://notcve.org/view.php?id=CVE-2018-3843
19 Apr 2018 — An exploitable type confusion vulnerability exists in the way Foxit PDF Reader version 9.0.1.1049 parses files with associated file annotations. A specially crafted PDF document can lead to an object of invalid type to be dereferenced, which can potentially lead to sensitive memory disclosure, and possibly to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can al... • http://www.securityfocus.com/bid/103942 • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 1CVE-2018-3842
https://notcve.org/view.php?id=CVE-2018-3842
19 Apr 2018 — An exploitable use of an uninitialized pointer vulnerability exists in the JavaScript engine in Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can lead to a dereference of an uninitialized pointer which, if under attacker control, can result in arbitrary code execution. An attacker needs to trick the user to open a malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. Existe un uso explot... • http://www.securityfocus.com/bid/103942 • CWE-824: Access of Uninitialized Pointer •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2016-6168
https://notcve.org/view.php?id=CVE-2016-6168
07 Feb 2018 — Use-after-free vulnerability in Foxit Reader and PhantomPDF 7.3.4.311 and earlier on Windows allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a crafted PDF file. Vulnerabilidad de uso de memoria previamente liberada en Foxit Reader y PhantomPDF, en versiones 7.3.4.311 y anteriores en Windows, permite que atacantes remotos provoquen una denegación de servicio (cierre inesperado de la aplicación) y ejecuten código arbitrario mediante un archivo PDF manipu... • https://fortiguard.com/zeroday/FG-VD-16-021 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2016-6169
https://notcve.org/view.php?id=CVE-2016-6169
07 Feb 2018 — Heap-based buffer overflow in Foxit Reader and PhantomPDF 7.3.4.311 and earlier on Windows allows remote attackers to cause a denial of service (memory corruption and application crash) or potentially execute arbitrary code via the Bezier data in a crafted PDF file. Desbordamiento de búfer basado en memoria dinámica (heap) en Foxit Reader y PhantomPDF, en versiones 7.3.4.311 y anteriores en Windows, permite que atacantes remotos provoquen una denegación de servicio (corrupción de memoria y cierre inesperado... • https://fortiguard.com/zeroday/FG-VD-16-018 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •