Vulnerabilities Threats

English Russian Japanese LatAm Türkiye Brasil France Český Deutschland

KLA11237
Multiple vulnerabilities in Foxit Reader and Foxit PhantomPDF

Updated: 05/22/2020
Detect date
?
 04/19/2018
Severity
?
 Critical
Description

Multiple serious vulnerabilities have been found in Foxit Reader and Foxit PhantomPDF. Malicious users can exploit these vulnerabilities to obtain sensitive information, cause denial of service and execute arbitrary code.

Below is a complete list of vulnerabilities:

  1. An unsafe DLL loading vulnerability can be exploited remotely to execute arbitrary code;
  2. A heap buffer overflow can be exploited remotely to execute arbitrary code;
  3. Multiple use-after-free vulnerabilities can be exploited remotely to execute arbitrary code;
  4. An uninitialized memory/pointer vulnerability can be exploited remotely to obtain sensitive information and execute arbitrary code;
  5. An out-of-bounds read/write vulnerability can be exploited remotely to obtain sensitive information and execute arbitrary code;
  6. Multiple type confusion vulnerabilities can be exploited remotely to cause denial of service and execute arbitrary code;
  7. An use-after-free vulnerability can be exploited remotely to obtain sensitive information and execute arbitrary code;
  8. Multiple unspecified vulnerabilities can be exploited remotely to obtain sensitive information and execute arbitrary code;
Affected products

Foxit Reader earlier than 9.1.0.5096
Foxit PhantomPDF earlier than 9.1.0.5096
Solution

Update to the latest version
Download Foxit Reader
Download Foxit PhantomPDF
Original advisories

Security bulletins
Impacts
?
ACE 
[?]

OSI 
[?]

DoS 
[?]
Related products
 Foxit Reader
Foxit Phantom PDF
CVE-IDS
?
CVE-2018-38506.8High
CVE-2018-38426.8High
CVE-2018-38436.8High
CVE-2018-103026.8High
CVE-2018-103036.8High
CVE-2018-38537.8Critical
CVE-2017-175576.8High
CVE-2017-144586.8High
© 2021 AO Kaspersky Lab. All Rights Reserved.
Privacy Policy

Up