CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2015-3633
https://notcve.org/view.php?id=CVE-2015-3633
01 May 2015 — Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5 allow remote attackers to cause a denial of service (memory corruption and crash) via vectors related to digital signatures. Foxit Reader, Enterprise Reader, y PhantomPDF anterior a 7.1.5 permiten a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída) a través de vectores relacionados con firmas digitales. • http://www.foxitsoftware.com/support/security_bulletins.php#FRD-26 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 78%CPEs: 3EXPL: 6CVE-2015-2790 – Foxit Products GIF Conversion - 'DataSubBlock' Memory Corruption
https://notcve.org/view.php?id=CVE-2015-2790
30 Mar 2015 — Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted (1) Ubyte Size in a DataSubBlock structure or (2) LZWMinimumCodeSize in a GIF image. Foxit Reader, Enterprise Reader, y PhantomPDF anterior a 7.1 permiten a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída) a través de (1) un tamaño Ubyte manipulado en una estructura DataSubBlock o (2) un LZWMinimumCodeSize manipulado en ... • https://www.exploit-db.com/exploits/36335 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 3CVE-2015-2789 – Foxit Reader 7.0.6.1126 - Unquoted Service Path Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-2789
30 Mar 2015 — Unquoted Windows search path vulnerability in the Foxit Cloud Safe Update Service in the Cloud plugin in Foxit Reader 6.1 through 7.0.6.1126 allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% folder. Vulnerabilidad de búsqueda de ruta en Windows sin entrecomillar en el servicio de actualizaciones seguras Foxit Cloud en el plugin Cloud en Foxit Reader 6.1 hasta 7.0.6.1126 permite a usuarios locales ganar privilegios a través de un programa troyano en la carpeta %SYSTEMDRIVE... • https://www.exploit-db.com/exploits/36390 •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2012-4759
https://notcve.org/view.php?id=CVE-2012-4759
06 Sep 2012 — Untrusted search path vulnerability in facebook_plugin.fpi in the Facebook plug-in in Foxit Reader 5.3.1.0606 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .pdf file. NOTE: some of these details are obtained from third party information. Vulnerabilidad de ruta de búsqueda no confiable en facebook_plugin.fpi en el complemento para Facebook en Foxit Reader v5.3.1.0606, permite a usuarios locales ganar p... • http://archives.neohapsis.com/archives/fulldisclosure/2012-08/0293.html •
CVSS: 9.3EPSS: 5%CPEs: 21EXPL: 0CVE-2012-4337
https://notcve.org/view.php?id=CVE-2012-4337
23 Aug 2012 — Foxit Reader before 5.3 on Windows XP and Windows 7 allows remote attackers to execute arbitrary code via a PDF document with a crafted attachment that triggers calculation of a negative number during processing of cross references. Foxit Reader anterior a v5.3 en Windows XP y Windows 7 permite a atacantes remotos ejecutar código arbitrario a través de un documento PDF con un adjunto manipulado que provoca el cálculo de un número negativo durante el procesamiento de referencias cruzadas. • http://secunia.com/advisories/50359 •
CVSS: 9.3EPSS: 0%CPEs: 16EXPL: 0CVE-2011-3691
https://notcve.org/view.php?id=CVE-2011-3691
27 Sep 2011 — Untrusted search path vulnerability in Foxit Reader before 5.0.2.0718 allows local users to gain privileges via a Trojan horse dwmapi.dll, dwrite.dll, or msdrm.dll in the current working directory. Vulnerabilidad de ruta de búsqueda no confiable en Foxit Reader v5.0.2.0718 y anteriores permite a usuarios locales conseguir privilegios a través de un caballo de Troya con dwmapi.dll, dwrite.dll o msdrm.dll en el directorio de trabajo actual. • http://www.solutionary.com/index/SERT/Vuln-Disclosures/Foxit-Reader.html • CWE-426: Untrusted Search Path •
CVSS: 9.3EPSS: 5%CPEs: 12EXPL: 0CVE-2011-1908
https://notcve.org/view.php?id=CVE-2011-1908
24 Jun 2011 — Integer overflow in the Type 1 font decoder in the FreeType engine in Foxit Reader before 4.0.0.0619 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font in a PDF document. Desbordamiento de entero en el decodificador de tipo de letra 1 en el motor de FreeType en Foxit Reader antes de v4.0.0.0619 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (por caída de la aplicación) a través de una fuente modifi... • http://www.foxitsoftware.com/products/reader/security_bulletins.php#freetype • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 7%CPEs: 23EXPL: 0CVE-2011-0332
https://notcve.org/view.php?id=CVE-2011-0332
25 Feb 2011 — Integer overflow in Foxit Reader before 4.3.1.0218 and Foxit Phantom before 2.3.3.1112 allows remote attackers to execute arbitrary code via crafted ICC chunks in a PDF file, which triggers a heap-based buffer overflow. Desbordamiento de enteros en Foxit Reader anterior a v4.3.1.0218 y Foxit Phantom anterior a v2.3.3.1112 permite a atacantes remotos ejecutar código arbitrario a través de fragmentos ICC manipulados en un fichero PDF, lo que provoca un desbordamiento de búfer basado en heap. • http://secunia.com/advisories/43329 • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 4%CPEs: 7EXPL: 3CVE-2010-1239 – Adobe Reader - Escape From '.PDF' Execute Embedded Executable
https://notcve.org/view.php?id=CVE-2010-1239
05 Apr 2010 — Foxit Reader before 3.2.1.0401 allows remote attackers to (1) execute arbitrary local programs via a certain "/Type /Action /S /Launch" sequence, and (2) execute arbitrary programs embedded in a PDF document via an unspecified "/Launch /Action" sequence, a related issue to CVE-2009-0836. Foxit Reader anterior a v3.2.1.0401 permite a atacantes remotos (1) ejecutar programas locales de su elección a través de determinadas secuencias "/Type /Action /S /Launch" y (2) ejecutar programas de su elección embebidos ... • https://www.exploit-db.com/exploits/11987 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 3%CPEs: 2EXPL: 0CVE-2009-0691
https://notcve.org/view.php?id=CVE-2009-0691
23 Jun 2009 — The Foxit JPEG2000/JBIG2 Decoder add-on before 2.0.2009.616 for Foxit Reader 3.0 before Build 1817 does not properly handle a fatal error during decoding of a JPEG2000 (aka JPX) header, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted PDF file that triggers an invalid memory access. El complemento Foxit JPEG2000/JBIG2 Decoder antes de v2.0.2009.616 para Foxit Reader 3.0 antes de Build1817 no gestiona correct... • http://secunia.com/advisories/35512 • CWE-399: Resource Management Errors •