CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-7722 – Foxit PDF Reader Doc Object Use-After-Free Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-7722
13 Aug 2024 — Foxit PDF Reader Doc Object Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue results from the lack of validating the existence of an object prior to performing operations on the obj... • https://www.zerodayinitiative.com/advisories/ZDI-24-1124 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-7723 – Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-7723
13 Aug 2024 — Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. • https://www.zerodayinitiative.com/advisories/ZDI-24-1125 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-7724 – Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-7724
13 Aug 2024 — Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. • https://www.zerodayinitiative.com/advisories/ZDI-24-1126 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-7725 – Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-7725
13 Aug 2024 — Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. • https://www.zerodayinitiative.com/advisories/ZDI-24-1127 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-25938
https://notcve.org/view.php?id=CVE-2024-25938
30 Apr 2024 — A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Barcode widget. A specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is ... • https://talosintelligence.com/vulnerability_reports/TALOS-2024-1958 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-32488
https://notcve.org/view.php?id=CVE-2024-32488
15 Apr 2024 — In Foxit PDF Reader and Editor before 2024.1, Local Privilege Escalation could occur during update checks because weak permissions on the update-service folder allow attackers to place crafted DLL files there. En Foxit PDF Reader and Editor anterior a 2024.1, la escalada de privilegios locales podría ocurrir durante las comprobaciones de actualización porque los permisos débiles en la carpeta del servicio de actualización permiten a los atacantes colocar archivos DLL manipulados allí. • https://www.foxit.com/support/security-bulletins.html • CWE-280: Improper Handling of Insufficient Permissions or Privileges •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30355 – Foxit PDF Reader AcroForm Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-30355
28 Mar 2024 — Foxit PDF Reader AcroForm Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects in AcroForms. The issue results from the lack of proper validation of user-supplied data, which can result in a write pas... • https://www.foxit.com/support/security-bulletins.html • CWE-787: Out-of-bounds Write •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-30335 – Foxit PDF Reader AcroForm Annotation Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-30335
28 Mar 2024 — Foxit PDF Reader AcroForm Annotation Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of proper validation of user-supplied data, which can result i... • https://www.foxit.com/support/security-bulletins.html • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-30323 – Foxit PDF Reader template Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-30323
28 Mar 2024 — Foxit PDF Reader template Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of template objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end ... • https://www.foxit.com/support/security-bulletins.html • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-30349 – Foxit PDF Reader U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-30349
28 Mar 2024 — Foxit PDF Reader U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the en... • https://www.foxit.com/support/security-bulletins.html • CWE-787: Out-of-bounds Write •