CVE-2016-4065 – Foxit Reader ConvertToPDF BMP Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2016-4065
The ConvertToPDF plugin in Foxit Reader and PhantomPDF before 7.3.4 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted (1) JPEG, (2) GIF, or (3) BMP image. El plugin ConvertToPDF en Foxit Reader y PhantomPDF en versiones anteriores a 7.3.4 en Windows, cuando la aplicación gflags está activa, permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites y caída de aplicación) a través de una imagen (1) JPEG, (2) GIF o (3) BMP manipulada. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ConvertToPDF plugin. A specially crafted BMP image can force Foxit Reader to read memory past the end of an allocated object. • http://www.zerodayinitiative.com/advisories/ZDI-16-216 http://www.zerodayinitiative.com/advisories/ZDI-16-217 http://www.zerodayinitiative.com/advisories/ZDI-16-218 https://www.foxitsoftware.com/support/security-bulletins.php • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-4059 – Foxit Reader FlateDecode Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-4059
Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via a crafted FlateDecode stream in a PDF document. Vulnerabilidad de uso después de liberación de memoria en Foxit Reader y PhantomPDF en versiones anteriores a 7.3.4 en Windows permite a atacantes remotos ejecutar código arbitrario a través de un flujo FlateDecode modificado en un documento PDF. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within FlateDecode. A specially crafted PDF with a specific FlateDecode stream can force a dangling pointer to be reused after it has been freed. • http://www.securityfocus.com/bid/85379 http://www.zerodayinitiative.com/advisories/ZDI-16-221 https://www.foxitsoftware.com/support/security-bulletins.php •
CVE-2016-4063 – Foxit Reader Revision Number Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-4063
Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via an object with a revision number of -1 in a PDF document. Vulnerabilidad de uso después de liberación de memoria en Foxit Reader y PhantomPDF en versiones anteriores a 7.3.4 en Windows permite a atacantes remotos ejecutar código arbitrario a través de un objeto con un número de revisión de -1 en un documento PDF. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the object's revision number. A specially crafted object with a specific revision number in a PDF file can force a dangling pointer to be reused after it has been freed. • http://www.securityfocus.com/bid/85379 http://www.zerodayinitiative.com/advisories/ZDI-16-219 http://www.zerodayinitiative.com/advisories/ZDI-16-220 https://www.foxitsoftware.com/support/security-bulletins.php •
CVE-2016-4064 – Foxit Reader XFA remerge Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-4064
Use-after-free vulnerability in the XFA forms handling functionality in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via a crafted remerge call. Vulnerabilidad de uso después de liberación de memoria en la funcionalidad de manejo de formularios XFA en Foxit Reader y PhantomPDF en versiones anteriores a 7.3.4 en Windows permite a atacantes remotos ejecutar código arbitrario a través de una llamada remerge manipulada. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA forms. A specially crafted remerge call can force a dangling pointer to be reused after it has been freed. • http://www.securityfocus.com/bid/85379 http://www.zerodayinitiative.com/advisories/ZDI-16-215 https://www.foxitsoftware.com/support/security-bulletins.php • CWE-284: Improper Access Control •
CVE-2015-8843 – Foxit FoxitCloudUpdateService Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2015-8843
The Foxit Cloud Update Service (FoxitCloudUpdateService) in Foxit Reader 6.1 through 6.2.x and 7.x before 7.2.2, when an update to the Cloud plugin is available, allows local users to gain privileges by writing crafted data to a shared memory region, which triggers memory corruption. El Foxit Cloud Update Service (FoxitCloudUpdateService) en Foxit Reader 6.1 hasta la versión 6.2.x y 7.x en versiones anteriores a 7.2.2, cuando una actualización para el plugin Cloud está disponible, permite a usuarios locales obtener privilegios escribiendo datos manipulados a una región de memoria compartida, lo que desencadena una corrupción de memoria. This vulnerability allows local attackers to elevate privileges on vulnerable installations of Foxit Reader. Authentication is not required to exploit this vulnerability. The specific flaw exists within the FoxitCloudUpdateService service. An attacker can trigger a memory corruption condition by writing certain data to a shared memory region. • http://www.zerodayinitiative.com/advisories/ZDI-15-640 https://www.foxitsoftware.com/support/security-bulletins.php#FRD-35 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •