CVSS: 8.8EPSS: 2%CPEs: 2EXPL: 0CVE-2018-5679
https://notcve.org/view.php?id=CVE-2018-5679
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of specially crafted pdf files with embedded u3d images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process, a different vulnerability than CVE-2018-5677 and CVE-2018-5680. • http://www.securityfocus.com/bid/104300 https://srcincite.io/advisories/src-2018-0015 https://www.foxitsoftware.com/support/security-bulletins.php • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 3%CPEs: 2EXPL: 0CVE-2018-7406
https://notcve.org/view.php?id=CVE-2018-7406
An issue was discovered in Foxit Reader before 9.1 and PhantomPDF before 9.1. This vulnerability allows remote attackers to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the u3d images inside of a pdf. The issue results from the lack of proper validation of user-supplied data, which can result in an array indexing issue. • http://www.securityfocus.com/bid/104300 https://srcincite.io/advisories/src-2018-0017 https://www.foxitsoftware.com/support/security-bulletins.php • CWE-129: Improper Validation of Array Index •
CVSS: 8.8EPSS: 2%CPEs: 2EXPL: 0CVE-2018-5680
https://notcve.org/view.php?id=CVE-2018-5680
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of specially crafted pdf files with embedded u3d images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process, a different vulnerability than CVE-2018-5677 and CVE-2018-5679. • http://www.securityfocus.com/bid/104300 https://srcincite.io/advisories/src-2018-0016 https://www.foxitsoftware.com/support/security-bulletins.php • CWE-125: Out-of-bounds Read •
CVSS: 9.3EPSS: 1%CPEs: 10EXPL: 0CVE-2017-3116
https://notcve.org/view.php?id=CVE-2017-3116
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the MakeAccessible plugin when parsing TrueType font data. Successful exploitation could lead to arbitrary code execution. Adobe Acrobat Reader 2017.009.20058 y anteriores, 2017.008.30051 y anteriores, 2015.006.30306 y anteriores, y 11.0.20 y anteriores tiene una vulnerabilidad de corrupción de memoria en el plugin MakeAccesible cuando parsea datos de fuentes TrueType. La explotación con éxito de esta vulnerabilidad podría permitir la ejecución arbitraria de código. • http://www.securityfocus.com/bid/100179 http://www.securitytracker.com/id/1039098 https://helpx.adobe.com/security/products/acrobat/apsb17-24.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 2%CPEs: 10EXPL: 0CVE-2017-11222
https://notcve.org/view.php?id=CVE-2017-11222
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the Product Representation Compact (PRC) engine. Successful exploitation could lead to arbitrary code execution. Adobe Acrobat Reader 2017.009.20058 y anteriores, 2017.008.30051 y anteriores, 2015.006.30306 y anteriores, y 11.0.20 y anteriores tiene una vulnerabilidad de corrupción de memoria en el motor Product Representation Compact (PRC). La explotación con éxito de esta vulnerabilidad podría permitir la ejecución arbitraria de código. • http://www.securityfocus.com/bid/100179 http://www.securitytracker.com/id/1039098 https://helpx.adobe.com/security/products/acrobat/apsb17-24.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •