
CVE-2017-10957 – Foxit Reader Annotations arrowEnd Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-10957
14 Nov 2017 — This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the arrowEnd attribute of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute co... • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-416: Use After Free •

CVE-2017-10958 – Foxit Reader Field value Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-10958
14 Nov 2017 — This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the value attribute of Field objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under... • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-416: Use After Free •

CVE-2017-10959 – Foxit Reader Link setAction Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-10959
14 Nov 2017 — This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the setAction method of Link objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under... • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-416: Use After Free •

CVE-2017-14694
https://notcve.org/view.php?id=CVE-2017-14694
22 Sep 2017 — Foxit Reader 8.3.2.25013 and earlier and Foxit PhantomPDF 8.3.2.25013 and earlier, when running in single instance mode, allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address controls Code Flow starting at tiptsf!CPenInputPanel::FinalRelease+0x000000000000002f.". • http://www.securityfocus.com/bid/101009 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2017-10953 – Foxit Reader XFA gotoURL Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-10953
07 Sep 2017 — This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the gotoURL method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of ... • http://www.securityfocus.com/bid/100682 • CWE-20: Improper Input Validation; CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2017-10951 – Foxit Reader launchURL Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-10951
17 Aug 2017 — This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the app.launchURL method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context o... • http://www.securityfocus.com/bid/100409 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2017-10952 – Foxit Reader saveAs Arbitrary File Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-10952
17 Aug 2017 — This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.2.0.2051. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the saveAs JavaScript function. The issue results from the lack of proper validation of user-supplied data, which can lead to writing arbitrary files into attacker-controlled locations. An attacker can leverage this vulnera... • https://github.com/afbase/CVE-2017-10952 • CWE-20: Improper Input Validation; CWE-693: Protection Mechanism Failure •

CVE-2017-10994
https://notcve.org/view.php?id=CVE-2017-10994
07 Jul 2017 — Foxit Reader before 8.3.1 and PhantomPDF before 8.3.1 have an Arbitrary Write vulnerability, which allows remote attackers to execute arbitrary code via a crafted document. • http://www.securityfocus.com/bid/99499 • CWE-123: Write-what-where Condition •

CVE-2017-10941 – Foxit Reader AFParseDateEx Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-10941
07 Jul 2017 — This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AFParseDateEx function. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the conte... • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-416: Use After Free •

CVE-2017-10942 – Foxit Reader PDF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2017-10942
07 Jul 2017 — This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction wit... • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-125: Out-of-bounds Read; CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •