Multiple vulnerabilities in Foxit Reader and Foxit PhantomPDF

Description

Multiple serious vulnerabilities have been found in Foxit Reader and Foxit PhantomPDF. Malicious users can exploit these vulnerabilities to obtain sensitive information, cause denial of service and execute arbitrary code.

Below is a complete list of vulnerabilities:

1. An unsafe DLL loading vulnerability can be exploited remotely to execute arbitrary code;
2. A heap buffer overflow can be exploited remotely to execute arbitrary code;
3. Multiple use-after-free vulnerabilities can be exploited remotely to execute arbitrary code;
4. An uninitialized memory/pointer vulnerability can be exploited remotely to obtain sensitive information and execute arbitrary code;
5. An out-of-bounds read/write vulnerability can be exploited remotely to obtain sensitive information and execute arbitrary code;
6. Multiple type confusion vulnerabilities can be exploited remotely to cause denial of service and execute arbitrary code;
7. An use-after-free vulnerability can be exploited remotely to obtain sensitive information and execute arbitrary code;
8. Multiple unspecified vulnerabilities can be exploited remotely to obtain sensitive information and execute arbitrary code;

Original advisories

• Security bulletins

Exploitation

Public exploits exist for this vulnerability.

Related products

• Foxit-Reader
• Foxit-Phantom-PDF

CVE list

• CVE-2018-3850
  critical
• CVE-2018-3842
  critical
• CVE-2018-3843
  critical
• CVE-2018-10302
  critical
• CVE-2018-10303
  critical
• CVE-2018-3853
  critical
• CVE-2017-17557
  critical
• CVE-2017-14458
  critical

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com