CVE-2018-19451
https://notcve.org/view.php?id=CVE-2018-19451
A command injection can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031 when using the Open File action on a Field. An attacker can leverage this to gain remote code execution. • http://www.securityfocus.com/bid/108692 https://www.foxitsoftware.com/support/security-bulletins.php • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2018-19452
https://notcve.org/view.php?id=CVE-2018-19452
A use after free in the TextBox field Mouse Enter action in IReader_ContentProvider can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031. An attacker can leverage this to gain remote code execution. Relative to CVE-2018-19444, this has a different free location and requires different JavaScript code for exploitation. • http://www.securityfocus.com/bid/108692 https://www.foxitsoftware.com/support/security-bulletins.php • CWE-416: Use After Free •
CVE-2019-8342
https://notcve.org/view.php?id=CVE-2019-8342
A Local Privilege Escalation in libqcocoa.dylib in Foxit Reader 3.1.0.0111 on macOS has been discovered due to an incorrect permission set. • https://www.foxitsoftware.com/support/security-bulletins.php • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2019-6752 – Foxit PhantomPDF HTML2PDF HTML Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2019-6752
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF 9.3.10826. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF documents. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. • https://www.foxitsoftware.com/support/security-bulletins.php https://www.zerodayinitiative.com/advisories/ZDI-19-426 • CWE-125: Out-of-bounds Read •
CVE-2019-6753 – Foxit Reader XFA Stuff Integer Overflow Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2019-6753
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.3.0.10826. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the Stuff method. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. • https://www.foxitsoftware.com/support/security-bulletins.php https://www.zerodayinitiative.com/advisories/ZDI-19-427 • CWE-190: Integer Overflow or Wraparound •