CVSS: 6.5EPSS: 87%CPEs: 2EXPL: 7CVE-2018-9948 – Foxit Reader Typed Array Uninitialized Pointer Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2018-9948
20 Apr 2018 — This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of typed arrays. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute code in ... • https://packetstorm.news/files/id/148947 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-824: Access of Uninitialized Pointer •
CVSS: 8.8EPSS: 86%CPEs: 2EXPL: 9CVE-2018-9958 – Foxit Reader Text Annotations point Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-9958
20 Apr 2018 — This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Text Annotations. When setting the point attribute, the process does not properly validate the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability... • https://packetstorm.news/files/id/160240 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 48%CPEs: 1EXPL: 1CVE-2018-3843
https://notcve.org/view.php?id=CVE-2018-3843
19 Apr 2018 — An exploitable type confusion vulnerability exists in the way Foxit PDF Reader version 9.0.1.1049 parses files with associated file annotations. A specially crafted PDF document can lead to an object of invalid type to be dereferenced, which can potentially lead to sensitive memory disclosure, and possibly to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can al... • http://www.securityfocus.com/bid/103942 • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 1CVE-2018-3842
https://notcve.org/view.php?id=CVE-2018-3842
19 Apr 2018 — An exploitable use of an uninitialized pointer vulnerability exists in the JavaScript engine in Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can lead to a dereference of an uninitialized pointer which, if under attacker control, can result in arbitrary code execution. An attacker needs to trick the user to open a malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. Existe un uso explot... • http://www.securityfocus.com/bid/103942 • CWE-824: Access of Uninitialized Pointer •