Beschreibung
Multiple vulnerabilities have been found in Foxit Reader and Foxit PhantomPDF. Malicious users can exploit these vulnerabilities to execute arbitrary code or cause denial of service.
Below is a complete list of vulnerabilities
- An unknown vulnerability in ConvertToPDF plugin can be exploited remotely via specially crafted image to cause a denial of service.
- An unknown vulnerability in XFA forms handling functionality can be exploited remotely via crafted remerge call to execute arbitrary code.
- An unknown vulnerability can be exploited remotely via specially crafted PDF document to execute arbitrary code.
- Improper reports format can be exploited remotely via crafted PDF to cause denial of service.
- An unknown vulnerability can be exploited remotely via crafted content stream to cause denial of service.
- An unknown vulnerability can be exploited remotely via crafted PDF document to execute arbitrary code.
Technical details
To exploit vulnerability (1) attacker has to use crafted JPEG, GIF or BMP image.
Vulnerability (3) can be exploited through the object with a revision number of -1 in a PDF document.
Vulnerability (6) can be exploited via a crafted FlateDecode stream in a PDF document.
Ursprüngliche Informationshinweise
CVE Liste
- CVE-2016-4065 high
- CVE-2016-4063 high
- CVE-2016-4064 high
- CVE-2016-4061 high
- CVE-2016-4062 high
- CVE-2016-4059 high
- CVE-2016-4060 high
Mehr erfahren
Informieren Sie sich über die Statistiken der in Ihrer Region verbreiteten Sicherheitslücken statistics.securelist.com
Sie haben einen Fehler in der Beschreibung der Schwachstelle gefunden? Mitteilen!