CVSS: 8.8EPSS: 3%CPEs: 3EXPL: 0CVE-2018-14303 – Foxit Reader StrikeOut Annotation contents Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-14303
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of StrikeOut annotations. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. • https://www.foxitsoftware.com/support/security-bulletins.php https://zerodayinitiative.com/advisories/ZDI-18-763 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 3%CPEs: 3EXPL: 0CVE-2018-14304 – Foxit Reader Text Annotation noteIcon Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-14304
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Text annotations. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. • https://www.foxitsoftware.com/support/security-bulletins.php https://zerodayinitiative.com/advisories/ZDI-18-764 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 3%CPEs: 3EXPL: 0CVE-2018-14305 – Foxit Reader PolyLine Annotation addAdLayer Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-14305
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of PolyLine annotations. By manipulating a document's elements an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. • https://www.foxitsoftware.com/support/security-bulletins.php https://zerodayinitiative.com/advisories/ZDI-18-765 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 3%CPEs: 3EXPL: 0CVE-2018-14306 – Foxit Reader Button buttonSetIcon Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-14306
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of button objects. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. • https://www.foxitsoftware.com/support/security-bulletins.php https://zerodayinitiative.com/advisories/ZDI-18-766 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 3%CPEs: 3EXPL: 0CVE-2018-14307 – Foxit Reader Link borderWidth Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-14307
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Link objects. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. • https://www.foxitsoftware.com/support/security-bulletins.php https://zerodayinitiative.com/advisories/ZDI-18-767 • CWE-416: Use After Free •