CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-7722 – Foxit PDF Reader Doc Object Use-After-Free Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-7722
13 Aug 2024 — Foxit PDF Reader Doc Object Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue results from the lack of validating the existence of an object prior to performing operations on the obj... • https://www.zerodayinitiative.com/advisories/ZDI-24-1124 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-7723 – Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-7723
13 Aug 2024 — Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. • https://www.zerodayinitiative.com/advisories/ZDI-24-1125 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-7724 – Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-7724
13 Aug 2024 — Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. • https://www.zerodayinitiative.com/advisories/ZDI-24-1126 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-7725 – Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-7725
13 Aug 2024 — Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. • https://www.zerodayinitiative.com/advisories/ZDI-24-1127 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 2%CPEs: 1EXPL: 0CVE-2024-25938
https://notcve.org/view.php?id=CVE-2024-25938
30 Apr 2024 — A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Barcode widget. A specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is ... • https://talosintelligence.com/vulnerability_reports/TALOS-2024-1958 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-32488
https://notcve.org/view.php?id=CVE-2024-32488
15 Apr 2024 — In Foxit PDF Reader and Editor before 2024.1, Local Privilege Escalation could occur during update checks because weak permissions on the update-service folder allow attackers to place crafted DLL files there. En Foxit PDF Reader and Editor anterior a 2024.1, la escalada de privilegios locales podría ocurrir durante las comprobaciones de actualización porque los permisos débiles en la carpeta del servicio de actualización permiten a los atacantes colocar archivos DLL manipulados allí. • https://www.foxit.com/support/security-bulletins.html • CWE-280: Improper Handling of Insufficient Permissions or Privileges •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2024-30334 – Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-30334
28 Mar 2024 — Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. • https://www.foxit.com/support/security-bulletins.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2024-30343 – Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-30343
28 Mar 2024 — Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the objec... • https://www.foxit.com/support/security-bulletins.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2024-30355 – Foxit PDF Reader AcroForm Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-30355
28 Mar 2024 — Foxit PDF Reader AcroForm Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects in AcroForms. The issue results from the lack of proper validation of user-supplied data, which can result in a write pas... • https://www.foxit.com/support/security-bulletins.html • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 1%CPEs: 2EXPL: 0CVE-2024-30351 – Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-30351
28 Mar 2024 — Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects in AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the o... • https://www.foxit.com/support/security-bulletins.html • CWE-416: Use After Free •