Description
Multiple serious vulnerabilities have been found in Foxit Reader and Foxit Phantom PDF. Malicious users can exploit these vulnerabilities to obtain sensitive information or execute arbitrary code.
Below is a complete list of vulnerabilities:
- Multiple vulnerabilities related to an improper parsing of PDF files can be exploited remotely by convincing a user to visit a malicious web page and open a specially designed file to obtain sensitive information;
- An improper parsing of fonts in PDF files can be exploited remotely by convincing a user to visit a malicious web page and open a specially designed file to obtain sensitive information;
- A use-after-free vulnerability in the setItem function can be exploited remotely to execute arbitrary code;
- A use-after-free vulnerability in the print function can be exploited remotely to execute arbitrary code;
- A use-after-free vulnerability in the app.execMenuItem function can be exploited remotely to execute arbitrary code.
Technical details
The vulnerabilities described above exist because user-supplied data is not properly validated. Sometimes this can result in an out-of-bounds read. In conjunction with other vulnerabilities, remote code execution in the context of the current process is also possible.
CVE list
- CVE-2017-8455 high
- CVE-2017-8454 high
- CVE-2017-8453 high
- CVE-2017-10946 high
- CVE-2017-10947 high
- CVE-2017-10948 high