CVSS: 7.4EPSS: 0%CPEs: 10EXPL: 0CVE-2015-8843 – Foxit FoxitCloudUpdateService Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2015-8843
The Foxit Cloud Update Service (FoxitCloudUpdateService) in Foxit Reader 6.1 through 6.2.x and 7.x before 7.2.2, when an update to the Cloud plugin is available, allows local users to gain privileges by writing crafted data to a shared memory region, which triggers memory corruption. El Foxit Cloud Update Service (FoxitCloudUpdateService) en Foxit Reader 6.1 hasta la versión 6.2.x y 7.x en versiones anteriores a 7.2.2, cuando una actualización para el plugin Cloud está disponible, permite a usuarios locales obtener privilegios escribiendo datos manipulados a una región de memoria compartida, lo que desencadena una corrupción de memoria. This vulnerability allows local attackers to elevate privileges on vulnerable installations of Foxit Reader. Authentication is not required to exploit this vulnerability. The specific flaw exists within the FoxitCloudUpdateService service. An attacker can trigger a memory corruption condition by writing certain data to a shared memory region. • http://www.zerodayinitiative.com/advisories/ZDI-15-640 https://www.foxitsoftware.com/support/security-bulletins.php#FRD-35 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 8%CPEs: 2EXPL: 0CVE-2015-8580 – Foxit PhantomPDF App Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-8580
Multiple use-after-free vulnerabilities in the (1) Print method and (2) App object handling in Foxit Reader before 7.2.2 and Foxit PhantomPDF before 7.2.2 allow remote attackers to execute arbitrary code via a crafted PDF document. Múltiples vulnerabilidades de uso después de liberación de memoria en (1) el método Print y (2) el manejador de objetos App en Foxit Reader en versiones anteriores a 7.2.2 y Foxit PhantomPDF en versiones anteriores a 7.2.2 permite a atacantes remotos ejecutar código arbitrario a través de un documento PDF manipulado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the App object. A specially crafted PDF document can force a dangling pointer to be reused after it has been freed. • http://www.zerodayinitiative.com/advisories/ZDI-15-622 http://www.zerodayinitiative.com/advisories/ZDI-15-623 https://www.foxitsoftware.com/support/security-bulletins.php#FRD-34 •
CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 0CVE-2015-3633
https://notcve.org/view.php?id=CVE-2015-3633
Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5 allow remote attackers to cause a denial of service (memory corruption and crash) via vectors related to digital signatures. Foxit Reader, Enterprise Reader, y PhantomPDF anterior a 7.1.5 permiten a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída) a través de vectores relacionados con firmas digitales. • http://www.foxitsoftware.com/support/security_bulletins.php#FRD-26 http://www.securityfocus.com/bid/74418 http://www.securitytracker.com/id/1032228 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 2%CPEs: 3EXPL: 3CVE-2015-3632 – Foxit Reader PDF 7.1.3.320 - Parsing Memory Corruption
https://notcve.org/view.php?id=CVE-2015-3632
Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted GIF in a PDF file. Foxit Reader, Enterprise Reader, y PhantomPDF anterior a 7.1.5 permiten a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída) a través de un GIF manipulado en un fichero PDF. • https://www.exploit-db.com/exploits/36859 http://packetstormsecurity.com/files/131685/Foxit-Reader-7.1.3.320-Memory-Corruption.html http://protekresearchlab.com/PRL-2015-05 http://www.foxitsoftware.com/support/security_bulletins.php#FRD-27 http://www.securityfocus.com/bid/74418 http://www.securitytracker.com/id/1032229 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 78%CPEs: 3EXPL: 6CVE-2015-2790 – Foxit Products GIF Conversion - 'DataSubBlock' Memory Corruption
https://notcve.org/view.php?id=CVE-2015-2790
Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted (1) Ubyte Size in a DataSubBlock structure or (2) LZWMinimumCodeSize in a GIF image. Foxit Reader, Enterprise Reader, y PhantomPDF anterior a 7.1 permiten a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída) a través de (1) un tamaño Ubyte manipulado en una estructura DataSubBlock o (2) un LZWMinimumCodeSize manipulado en una imagen GIF. • https://www.exploit-db.com/exploits/36335 https://www.exploit-db.com/exploits/36334 http://protekresearchlab.com/PRL-2015-02 http://protekresearchlab.com/prl-2015-01prl-foxit-products-gif-conversion-memory-corruption-vulnerabilities-lzwminimumcodesize http://securitytracker.com/id/1031878 http://www.exploit-db.com/exploits/36334 http://www.exploit-db.com/exploits/36335 http://www.foxitsoftware.com/support/security_bulletins.php#FRD-23 http://www.foxitsoftware.com/support/security_bulletins.php#FRD-24& • CWE-20: Improper Input Validation •