CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-9975 – Foxit Reader shift event Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-9975
20 Apr 2018 — This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of shift events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the cont... • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-416: Use After Free •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0CVE-2018-1176 – Foxit Reader ePub Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-1176
20 Apr 2018 — This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ePub files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute... • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 87%CPEs: 2EXPL: 7CVE-2018-9948 – Foxit Reader Typed Array Uninitialized Pointer Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2018-9948
20 Apr 2018 — This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of typed arrays. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute code in ... • https://packetstorm.news/files/id/148947 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-824: Access of Uninitialized Pointer •
CVSS: 8.8EPSS: 86%CPEs: 2EXPL: 9CVE-2018-9958 – Foxit Reader Text Annotations point Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-9958
20 Apr 2018 — This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Text Annotations. When setting the point attribute, the process does not properly validate the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability... • https://packetstorm.news/files/id/160240 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2016-6168
https://notcve.org/view.php?id=CVE-2016-6168
07 Feb 2018 — Use-after-free vulnerability in Foxit Reader and PhantomPDF 7.3.4.311 and earlier on Windows allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a crafted PDF file. Vulnerabilidad de uso de memoria previamente liberada en Foxit Reader y PhantomPDF, en versiones 7.3.4.311 y anteriores en Windows, permite que atacantes remotos provoquen una denegación de servicio (cierre inesperado de la aplicación) y ejecuten código arbitrario mediante un archivo PDF manipu... • https://fortiguard.com/zeroday/FG-VD-16-021 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2016-6169
https://notcve.org/view.php?id=CVE-2016-6169
07 Feb 2018 — Heap-based buffer overflow in Foxit Reader and PhantomPDF 7.3.4.311 and earlier on Windows allows remote attackers to cause a denial of service (memory corruption and application crash) or potentially execute arbitrary code via the Bezier data in a crafted PDF file. Desbordamiento de búfer basado en memoria dinámica (heap) en Foxit Reader y PhantomPDF, en versiones 7.3.4.311 y anteriores en Windows, permite que atacantes remotos provoquen una denegación de servicio (corrupción de memoria y cierre inesperado... • https://fortiguard.com/zeroday/FG-VD-16-018 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 1%CPEs: 2EXPL: 0CVE-2017-10994
https://notcve.org/view.php?id=CVE-2017-10994
07 Jul 2017 — Foxit Reader before 8.3.1 and PhantomPDF before 8.3.1 have an Arbitrary Write vulnerability, which allows remote attackers to execute arbitrary code via a crafted document. Foxit Reader anterior a versión 8.3.1 y PhantomPDF anterior a versión 8.3.1, presenta una vulnerabilidad de Escritura Arbitraria, que permite a los atacantes remotos ejecutar código arbitrario por medio de un documento creado. • http://www.securityfocus.com/bid/99499 • CWE-123: Write-what-where Condition •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0CVE-2017-8453
https://notcve.org/view.php?id=CVE-2017-8453
03 May 2017 — Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in a PDF document. Foxit Reader en versiones anteriores a la 8.2.1 y PhantomPDF en versiones anteriores a la 8.2.1, presentan una vulnerabilidad de lectura fuera de límites que permite a atacantes remotos obtener información sensible o ejecutar código arbitrario a través de una fuente manipulada en un documento PDF... • http://www.securityfocus.com/bid/98317 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0CVE-2017-8454
https://notcve.org/view.php?id=CVE-2017-8454
03 May 2017 — Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in a PDF document. Foxit Reader en versiones anteriores a la 8.2.1 y PhantomPDF en versiones anteriores a la 8.2.1, presentan una vulnerabilidad de lectura fuera de límites que permite a atacantes remotos obtener información sensible o ejecutar código arbitrario a través de una fuente manipulada en un documento PDF... • http://www.securityfocus.com/bid/98320 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-8455
https://notcve.org/view.php?id=CVE-2017-8455
03 May 2017 — Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in a PDF document. Foxit Reader anterior a 8.2.1 y PhantomPDF anterior a 8.2.1 están afectados por una lectura fuera de límites que permite a un atacante remoto obtener información sensible o ejecutar código de forma arbitraria utilizando una fuente manipulada en un documento PDF. • http://www.securityfocus.com/bid/98319 • CWE-125: Out-of-bounds Read •