CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-17607
https://notcve.org/view.php?id=CVE-2018-17607
Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects. Foxit PhantomPDF y Reader en versiones anteriores a la 9.3 permite que atacantes remotos ejecuten código arbitrario o provoquen una denegación de servicio (uso de memoria previamente liberada) debido a que se manejan incorrectamente las propiedades de los objetos Annotation. Esto está relacionado con uno de los cinco tipos diferentes de objetos Annotation. • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-17610
https://notcve.org/view.php?id=CVE-2018-17610
Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects. Foxit PhantomPDF y Reader en versiones anteriores a la 9.3 permite que atacantes remotos ejecuten código arbitrario o provoquen una denegación de servicio (uso de memoria previamente liberada) debido a que se manejan incorrectamente las propiedades de los objetos Annotation. Esto está relacionado con uno de los cinco tipos diferentes de objetos Annotation. • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-17608
https://notcve.org/view.php?id=CVE-2018-17608
Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects. Foxit PhantomPDF y Reader en versiones anteriores a la 9.3 permite que atacantes remotos ejecuten código arbitrario o provoquen una denegación de servicio (uso de memoria previamente liberada) debido a que se manejan incorrectamente las propiedades de los objetos Annotation. Esto está relacionado con uno de los cinco tipos diferentes de objetos Annotation. • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-416: Use After Free •
CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 0CVE-2018-17625 – Foxit Reader setInterval Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-17625
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the setInterval() method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.foxitsoftware.com/support/security-bulletins.php https://www.zerodayinitiative.com/advisories/ZDI-18-1094 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 2%CPEs: 3EXPL: 0CVE-2018-17615 – Foxit Reader CheckBox Mouse Exit Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-17615
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Mouse Exit events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.foxitsoftware.com/support/security-bulletins.php https://zerodayinitiative.com/advisories/ZDI-18-1096 • CWE-416: Use After Free •