Kaspersky Threats — A página que você está procurando não foi encontrada.<br>Mas você pode ver nossas mais recentes vulnerabilidades e ameaças descritas.

Descrição

Multiple serious vulnerabilities were found in Foxit Reader. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information. Below is a complete list of vulnerabilities:

Multiple out-of-bounds Access/Write/Read vulnerabilities releted to parsing non-integer strings during the conversion of HTML files to PDFs can be exploited remotely to execute arbitrary code;
Multiple Use-After-Free vulnerabilities releted to parsing non-integer strings during the conversion of HTML files to PDFs can be exploited remotely to execute arbitrary code;
Multiple out-of-bounds read vulnerabilities in the closeDoc function can be exploited remotely to execute arbitrary code;
Multiple Use-After-Free vulnerabilities can be exploited remotely to execute arbitrary code;
Multiple Use-After-Free vulnerabilities related to XFA layout can be exploited remotely to execute arbitrary code;
Multiple Use-After-Free vulnerabilities releted to processing malicious PDF documents or certain properties of a PDF form can be exploited remotely to execute arbitrary code;
An unspecified vulnerability can be exploited remotely to obtain sensitive information;
A memory corruption vulnerability related to pageIndex object can be exploited to obtain sensitive information;
A Out-of-Bounds Read vulnerability in the Lower method can be exploited to obtain sensitive information;
A type confusion vulnerability can be exploited remotely to execute arbitrary code;
An Out-of-Bounds Read vulnerability releted to processing a PDF file can be exploited remotely to obtain sensitive information.

Technical details

(7) allow remote attackers to trigger Uninitialized Object Information Disclosure.

Comunicados originais

Security updates available in Foxit Reader 9.3 and Foxit PhantomPDF 9.3

Exploração

Public exploits exist for this vulnerability.

Produtos relacionados

Lista de CVE

CVE-2018-3940
critical
CVE-2018-3941
critical
CVE-2018-3942
critical
CVE-2018-3943
critical
CVE-2018-3944
critical
CVE-2018-3945
critical
CVE-2018-3946
critical
CVE-2018-3957
critical
CVE-2018-3962
high
CVE-2018-3958
critical
CVE-2018-3959
critical
CVE-2018-3960
critical
CVE-2018-3961
critical
CVE-2018-3964
critical
CVE-2018-3965
critical
CVE-2018-3966
critical
CVE-2018-3967
critical

Saiba mais

Descubra as estatísticas das vulnerabilidades que se espalham em sua região statistics.securelist.com

Encontrou uma imprecisão na descrição desta vulnerabilidade? Avise-nos!