CVSS: 8.8EPSS: 81%CPEs: 2EXPL: 6CVE-2018-9958 – Foxit Reader Text Annotations point Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-9958
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Text Annotations. When setting the point attribute, the process does not properly validate the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. • https://www.exploit-db.com/exploits/49116 https://www.exploit-db.com/exploits/45269 https://www.exploit-db.com/exploits/44941 https://github.com/t3rabyt3-zz/CVE-2018-9958--Exploit https://github.com/manojcode/Foxit-Reader-RCE-with-virualalloc-and-shellcode-for-CVE-2018-9948-and-CVE-2018-9958 http://packetstormsecurity.com/files/160240/Foxit-Reader-9.0.1.1049-Arbitrary-Code-Execution.html https://www.foxitsoftware.com/support/security-bulletins.php https://zerodayinitiative.com/advisories/ZD • CWE-416: Use After Free •
CVSS: 6.5EPSS: 1%CPEs: 2EXPL: 0CVE-2018-9972 – Foxit Reader ConvertToPDF_x86 JPG Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2018-9972
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. • https://www.foxitsoftware.com/support/security-bulletins.php https://zerodayinitiative.com/advisories/ZDI-18-356 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-3842
https://notcve.org/view.php?id=CVE-2018-3842
An exploitable use of an uninitialized pointer vulnerability exists in the JavaScript engine in Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can lead to a dereference of an uninitialized pointer which, if under attacker control, can result in arbitrary code execution. An attacker needs to trick the user to open a malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. Existe un uso explotable de un puntero no inicializado en el motor JavaScript en Foxit PDF Reader 9.0.1.1049. • http://www.securityfocus.com/bid/103942 http://www.securitytracker.com/id/1040733 https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0525 • CWE-824: Access of Uninitialized Pointer •
CVSS: 8.8EPSS: 6%CPEs: 1EXPL: 1CVE-2018-3843
https://notcve.org/view.php?id=CVE-2018-3843
An exploitable type confusion vulnerability exists in the way Foxit PDF Reader version 9.0.1.1049 parses files with associated file annotations. A specially crafted PDF document can lead to an object of invalid type to be dereferenced, which can potentially lead to sensitive memory disclosure, and possibly to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. Existe una vulnerabilidad explotable de confusión de tipos por la forma en la que Foxit PDF Reader 9.0.1.1049 analiza archivos con anotaciones de archivo asociadas. • http://www.securityfocus.com/bid/103942 http://www.securitytracker.com/id/1040733 https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0526 • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2016-6169
https://notcve.org/view.php?id=CVE-2016-6169
Heap-based buffer overflow in Foxit Reader and PhantomPDF 7.3.4.311 and earlier on Windows allows remote attackers to cause a denial of service (memory corruption and application crash) or potentially execute arbitrary code via the Bezier data in a crafted PDF file. Desbordamiento de búfer basado en memoria dinámica (heap) en Foxit Reader y PhantomPDF, en versiones 7.3.4.311 y anteriores en Windows, permite que atacantes remotos provoquen una denegación de servicio (corrupción de memoria y cierre inesperado de la aplicación) o que puedan ejecutar código arbitrario mediante datos Bezier en un archivo PDF manipulado. • https://fortiguard.com/zeroday/FG-VD-16-018 https://www.foxitsoftware.com/support/security-bulletins.php • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •