CVE-2015-3632 – Foxit Reader PDF 7.1.3.320 - Parsing Memory Corruption
https://notcve.org/view.php?id=CVE-2015-3632
Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted GIF in a PDF file. Foxit Reader, Enterprise Reader, y PhantomPDF anterior a 7.1.5 permiten a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída) a través de un GIF manipulado en un fichero PDF. • https://www.exploit-db.com/exploits/36859 http://packetstormsecurity.com/files/131685/Foxit-Reader-7.1.3.320-Memory-Corruption.html http://protekresearchlab.com/PRL-2015-05 http://www.foxitsoftware.com/support/security_bulletins.php#FRD-27 http://www.securityfocus.com/bid/74418 http://www.securitytracker.com/id/1032229 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-3633
https://notcve.org/view.php?id=CVE-2015-3633
Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5 allow remote attackers to cause a denial of service (memory corruption and crash) via vectors related to digital signatures. Foxit Reader, Enterprise Reader, y PhantomPDF anterior a 7.1.5 permiten a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída) a través de vectores relacionados con firmas digitales. • http://www.foxitsoftware.com/support/security_bulletins.php#FRD-26 http://www.securityfocus.com/bid/74418 http://www.securitytracker.com/id/1032228 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-2789 – Foxit Reader 7.0.6.1126 - Unquoted Service Path Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-2789
Unquoted Windows search path vulnerability in the Foxit Cloud Safe Update Service in the Cloud plugin in Foxit Reader 6.1 through 7.0.6.1126 allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% folder. Vulnerabilidad de búsqueda de ruta en Windows sin entrecomillar en el servicio de actualizaciones seguras Foxit Cloud en el plugin Cloud en Foxit Reader 6.1 hasta 7.0.6.1126 permite a usuarios locales ganar privilegios a través de un programa troyano en la carpeta %SYSTEMDRIVE%. • https://www.exploit-db.com/exploits/36390 http://packetstormsecurity.com/files/130840/Foxit-Reader-7.0.6.1126-Privilege-Escalation.html http://www.exploit-db.com/exploits/36390 http://www.foxitsoftware.com/support/security_bulletins.php#FRD-25 http://www.securityfocus.com/bid/73432 http://www.securitytracker.com/id/1031879 http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5235.php •
CVE-2015-2790 – Foxit Products GIF Conversion - 'DataSubBlock' Memory Corruption
https://notcve.org/view.php?id=CVE-2015-2790
Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted (1) Ubyte Size in a DataSubBlock structure or (2) LZWMinimumCodeSize in a GIF image. Foxit Reader, Enterprise Reader, y PhantomPDF anterior a 7.1 permiten a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída) a través de (1) un tamaño Ubyte manipulado en una estructura DataSubBlock o (2) un LZWMinimumCodeSize manipulado en una imagen GIF. • https://www.exploit-db.com/exploits/36335 https://www.exploit-db.com/exploits/36334 http://protekresearchlab.com/PRL-2015-02 http://protekresearchlab.com/prl-2015-01prl-foxit-products-gif-conversion-memory-corruption-vulnerabilities-lzwminimumcodesize http://securitytracker.com/id/1031878 http://www.exploit-db.com/exploits/36334 http://www.exploit-db.com/exploits/36335 http://www.foxitsoftware.com/support/security_bulletins.php#FRD-23 http://www.foxitsoftware.com/support/security_bulletins.php#FRD-24& • CWE-20: Improper Input Validation •
CVE-2012-4759
https://notcve.org/view.php?id=CVE-2012-4759
Untrusted search path vulnerability in facebook_plugin.fpi in the Facebook plug-in in Foxit Reader 5.3.1.0606 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .pdf file. NOTE: some of these details are obtained from third party information. Vulnerabilidad de ruta de búsqueda no confiable en facebook_plugin.fpi en el complemento para Facebook en Foxit Reader v5.3.1.0606, permite a usuarios locales ganar privilegios a través de un caballo de troya dwmapi.dll en el archivo de trabajo actual, como se demostró con un durectorio que contiene un archivo .pdf. NOTA: algunos de estos detalles han sido obtenidos de fuentes de terceros. • http://archives.neohapsis.com/archives/fulldisclosure/2012-08/0293.html http://secunia.com/advisories/50348 •