CVSS: 8.0EPSS: 6%CPEs: 3EXPL: 0CVE-2018-3961
https://notcve.org/view.php?id=CVE-2018-3961
02 Oct 2018 — A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the Creator property of the this.info object. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. Existe una vulnerabilidad de uso de memoria previamente liberada en el motor JavaScript de Fox... • https://talosintelligence.com/vulnerability_reports/TALOS-2018-0628 • CWE-416: Use After Free •
CVSS: 8.0EPSS: 0%CPEs: 3EXPL: 0CVE-2018-3962
https://notcve.org/view.php?id=CVE-2018-3962
02 Oct 2018 — A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the CreationDate property of the this.info object. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. Existe una vulnerabilidad de uso de memoria previamente liberada en el motor JavaScript d... • http://www.securitytracker.com/id/1041769 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2018-17781
https://notcve.org/view.php?id=CVE-2018-17781
29 Sep 2018 — Foxit PhantomPDF and Reader before 9.3 allow remote attackers to trigger Uninitialized Object Information Disclosure because creation of ArrayBuffer and DataView objects is mishandled. Foxit PhantomPDF y Reader en versiones anteriores a la 9.3 permiten que atacantes remotos desencadenen una divulgación de información de objetos sin inicializar debido a que se gestiona de forma incorrecta la creación de objetos ArrayBuffer y DataView. • http://www.securitytracker.com/id/1041769 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-17607
https://notcve.org/view.php?id=CVE-2018-17607
28 Sep 2018 — Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects. Foxit PhantomPDF y Reader en versiones anteriores a la 9.3 permite que atacantes remotos ejecuten código arbitrario o provoquen una denegación de servicio (uso de memoria previamente liberada) debido a que se manejan incorrectamente las propiedades de los... • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-17608
https://notcve.org/view.php?id=CVE-2018-17608
28 Sep 2018 — Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects. Foxit PhantomPDF y Reader en versiones anteriores a la 9.3 permite que atacantes remotos ejecuten código arbitrario o provoquen una denegación de servicio (uso de memoria previamente liberada) debido a que se manejan incorrectamente las propiedades de los... • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-17609
https://notcve.org/view.php?id=CVE-2018-17609
28 Sep 2018 — Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects. Foxit PhantomPDF y Reader en versiones anteriores a la 9.3 permite que atacantes remotos ejecuten código arbitrario o provoquen una denegación de servicio (uso de memoria previamente liberada) debido a que se manejan incorrectamente las propiedades de los... • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-17610
https://notcve.org/view.php?id=CVE-2018-17610
28 Sep 2018 — Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects. Foxit PhantomPDF y Reader en versiones anteriores a la 9.3 permite que atacantes remotos ejecuten código arbitrario o provoquen una denegación de servicio (uso de memoria previamente liberada) debido a que se manejan incorrectamente las propiedades de los... • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-17611
https://notcve.org/view.php?id=CVE-2018-17611
28 Sep 2018 — Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects. Foxit PhantomPDF y Reader en versiones anteriores a la 9.3 permite que atacantes remotos ejecuten código arbitrario o provoquen una denegación de servicio (uso de memoria previamente liberada) debido a que se manejan incorrectamente las propiedades de los... • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2018-17615 – Foxit Reader CheckBox Mouse Exit Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-17615
28 Sep 2018 — This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Mouse Exit events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the co... • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2018-17616 – Foxit Reader CheckBox onBlur Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-17616
28 Sep 2018 — This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of onBlur events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the contex... • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-416: Use After Free •