KLA11162
Multiple vulnerabilities in Foxit Reader
Updated: 03/15/2019
Detect date: 11/01/2017
Severity: Critical
Description

Multiple serious vulnerabilities have been found in Foxit Reader. Malicious users can exploit these vulnerabilities to obtain sensitive information and execute arbitrary code.

Below is a complete list of vulnerabilities:

  1. An out-of-bounds read vulnerability in the tile index member of SOT markers can be exploited remotely via a specially designed website or file to obtain sensitive information;
  2. An improper validation vulnerability in the setAction method of Link objects can be exploited remotely via a specially designed website or file to execute arbitrary code;
  3. An improper validation vulnerability in the arrowEnd attribute of Annotation objects can be exploited remotely via a specially designed website or file to execute arbitrary code;
  4. An out-of-bounds read vulnerability in the parsing of JPEG2000 images embedded in PDF files can be exploited remotely via a specially designed website or file to obtain sensitive information;
  5. An out-of-bounds read vulnerability in the channel number member of the cdef box files can be exploited remotely via a specially designed website or file to obtain sensitive information;
  6. An out-of-bounds read vulnerability in the channel number member of the cdef box files can be exploited remotely via a specially designed website or file to obtain sensitive information;
  7. An out-of-bounds read vulnerability in the tile index of the SOT marker in JPEG2000 images can be exploited remotely via a specially designed website or file to obtain sensitive information;
  8. An out-of-bounds read vulnerability in the parsing of the xTsiz member of SIZ markers can be exploited remotely via a specially designed website or file to obtain sensitive information;
  9. An out-of-bounds read vulnerability in the parsing of the xOsiz member of SIZ markers can be exploited remotely via a specially designed website or file to obtain sensitive information;
  10. A type confusion vulnerability in the insert method of XFAScriptObject objects can be exploited remotely via a specially designed website or file to execute arbitrary code;
  11. A type confusion vulnerability in the remove method of XFAScriptObject objects can be exploited remotely via a specially designed website or file to execute arbitrary code;
  12. A type confusion vulnerability in the formNodes method of XFA Node objects can be exploited remotely via a specially designed website or file to execute arbitrary code;
  13. A type confusion vulnerability in the append method of XFA Node objects can be exploited remotely via a specially designed website or file to execute arbitrary code;
  14. A type confusion vulnerability in the w method of XFA Layout objects can be exploited remotely via a specially designed website or file to execute arbitrary code;
  15. A type confusion vulnerability in the openList method of XFAScriptObject objects can be exploited remotely via a specially designed website or file to execute arbitrary code;
  16. An improper validation vulnerability in the setFocus method of XFAScriptObject objects can be exploited remotely via a specially designed website or file to execute arbitrary code;
  17. An improper validation vulnerability in the author attribute of Circle Annotation objects can be exploited remotely via a specially designed website or file to execute arbitrary code;
  18. An improper validation vulnerability in the style attribute of Text Annotation objects can be exploited remotely via a specially designed website or file to execute arbitrary code;
  19. An improper validation vulnerability in the style attribute of FileAttachment annotation objects can be exploited remotely via a specially designed website or file to execute arbitrary code;
  20. A type confusion vulnerability in the page method of XFA Layout objects can be exploited remotely via a specially designed website or file to execute arbitrary code;
  21. An improper validation vulnerability in the modDate attribute of Annotation objects can be exploited remotely via a specially designed website or file to execute arbitrary code;
  22. A type confusion vulnerability in the pageSpan method of XFA Layout objects can be exploited remotely via a specially designed website or file to execute arbitrary code;
  23. A type confusion vulnerability in the handling of references to the app object from FormCalc can be exploited remotely via a specially designed website or file to execute arbitrary code;
  24. A type confusion vulnerability in FormCalc’s closeDoc method can be exploited remotely via a specially designed website or file to execute arbitrary code;
  25. An out-of-bounds read vulnerability in the parsing of LZWDecode filters can be exploited remotely via a specially designed website or file to obtain sensitive information;
  26. An out-of-bounds read vulnerability in the parsing of Image filters can be exploited remotely via a specially designed website or file to obtain sensitive information;
  27. An improper validation vulnerability in XFA’s bind element can be exploited remotely via a specially designed website or file to execute arbitrary code;
  28. An improper validation vulnerability in XFA’s field element can be exploited remotely via a specially designed website or file to execute arbitrary code;
  29. An improper validation vulnerability in the alignment attribute of Field objects can be exploited remotely via a specially designed website or file to execute arbitrary code;
  30. A type confusion vulnerability in the picture elements within XFA forms can be exploited remotely via a specially designed website or file to execute arbitrary code;
  31. An out-of-bounds read vulnerability in the ImageField node of XFA forms can be exploited remotely via a specially designed website or file to obtain sensitive information;
  32. An improper validation vulnerability in the author attribute of the Document object can be exploited remotely via a specially designed website or file to execute arbitrary code;
  33. A type confusion vulnerability in the clearItems XFA method can be exploited remotely via a specially designed website or file to execute arbitrary code;
  34. An improper validation vulnerability in the datasets element of XFA forms object can be exploited remotely via a specially designed website or file to execute arbitrary code;
  35. An out-of-bounds read vulnerability in util.printf can be exploited remotely via a specially designed website or file to obtain sensitive information;
  36. An improper validation vulnerability in the app.response method can be exploited remotely via a specially designed website or file to execute arbitrary code;
  37. An improper validation vulnerability in the addAnnot method can be exploited remotely via a specially designed website or file to execute arbitrary code;
  38. An improper validation vulnerability in the removeField method can be exploited remotely via a specially designed website or file to execute arbitrary code;
  39. An out-of-bounds read vulnerability in the parsing of SOT markers can be exploited remotely via a specially designed website or file to obtain sensitive information;
  40. An out-of-bounds read vulnerability in the parsing of the yTsiz member of SIZ markers can be exploited remotely via a specially designed website or file to obtain sensitive information.

Affected products

Foxit Reader earlier than 9.0.0.29935
Foxit PhantomPDF earlier than 9.0.0.29935

Solution

Update to the latest version
Download Foxit Reader
Download Foxit PhantomPDF

Original advisories

Security bulletins

Impacts

ACE
OSI

CVE-IDS

CVE-2017-14834  6.8  Critical
CVE-2017-14835  6.8  Critical
CVE-2017-14836  6.8  Critical
CVE-2017-14837  6.8  Critical
CVE-2017-16571  6.8  Critical
CVE-2017-16572  6.8  Critical
CVE-2017-16573  4.3  Critical
CVE-2017-16574  4.3  Critical
CVE-2017-16575  6.8  Critical
CVE-2017-16576  6.8  Critical
CVE-2017-16577  6.8  Critical
CVE-2017-16578  6.8  Critical
CVE-2017-16579  4.3  Critical
CVE-2017-16580  4.3  Critical
CVE-2017-16581  6.8  Critical
CVE-2017-16582  6.8  Critical
CVE-2017-16583  6.8  Critical
CVE-2017-16584  4.3  Critical
CVE-2017-16585  6.8  Critical
CVE-2017-16586  6.8  Critical
CVE-2017-16587  6.8  Critical
CVE-2017-16588  4.3  Critical
CVE-2017-16589  4.3  Critical
CVE-2017-10956  4.3  Critical
CVE-2017-10957  6.8  Critical
CVE-2017-10958  6.8  Critical
CVE-2017-10959  6.8  Critical
CVE-2017-14818  4.3  Critical
CVE-2017-14819  4.3  Critical
CVE-2017-14820  4.3  Critical
CVE-2017-14821  4.3  Critical
CVE-2017-14822  4.3  Critical
CVE-2017-14823  6.8  Critical
CVE-2017-14824  6.8  Critical
CVE-2017-14825  6.8  Critical
CVE-2017-14826  6.8  Critical
CVE-2017-14827  6.8  Critical
CVE-2017-14828  6.8  Critical
CVE-2017-14829  6.8  Critical
CVE-2017-14830  6.8  Critical
CVE-2017-14831  6.8  Critical
CVE-2017-14832  6.8  Critical
CVE-2017-14833  6.8  Critical