CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2018-17618 – Foxit Reader ListBox Selection Change Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-17618
28 Sep 2018 — This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Selection Change events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in ... • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2018-17620 – Foxit Reader TextBox Calculate Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-17620
28 Sep 2018 — This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Calculate events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the con... • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-416: Use After Free •
CVSS: 6.5EPSS: 1%CPEs: 3EXPL: 0CVE-2018-17622 – Foxit Reader Barcode Calculate Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2018-17622
28 Sep 2018 — This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Calculate events. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerabili... • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2018-17623 – Foxit Reader Link setAction Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-17623
28 Sep 2018 — This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Link objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context... • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2018-17624 – Foxit Reader OCG setAction Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-17624
28 Sep 2018 — This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of OCG objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context ... • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2018-17625 – Foxit Reader setInterval Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-17625
28 Sep 2018 — This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the setInterval() method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in... • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-17706 – Foxit PhantomPDF fxhtml2pdf HTML Conversion Out-Of-Bounds Access Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-17706
28 Sep 2018 — This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF Phantom PDF 9.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within fxhtml2pdf. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. An attacker can leverage this vulnerability to e... • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 48%CPEs: 3EXPL: 1CVE-2018-3924
https://notcve.org/view.php?id=CVE-2018-3924
01 Aug 2018 — An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. Existe una vulnerabilidad explotable de us... • http://www.securitytracker.com/id/1041353 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 13%CPEs: 3EXPL: 1CVE-2018-3939
https://notcve.org/view.php?id=CVE-2018-3939
01 Aug 2018 — An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. Existe una vulnerabilidad explotable de uso de mem... • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-416: Use After Free •
CVSS: 9.8EPSS: 5%CPEs: 2EXPL: 3CVE-2018-14442
https://notcve.org/view.php?id=CVE-2018-14442
20 Jul 2018 — Foxit Reader before 9.2 and PhantomPDF before 9.2 have a Use-After-Free that leads to Remote Code Execution, aka V-88f4smlocs. Foxit Reader en versiones anteriores a la 9.2 y PhantomPDF en versiones anteriores a la 9.2 tienen un uso de memoria previamente liberada que conduce a una ejecución remota de código. Esto también se conoce como V-88f4smlocs. • https://github.com/payatu/CVE-2018-14442 • CWE-416: Use After Free •