Multiple vulnerabilities in Foxit Reader

Description

Multiple serious vulnerabilities were found in Foxit Reader. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information. Below is a complete list of vulnerabilities:

1. Multiple out-of-bounds Access/Write/Read vulnerabilities releted to parsing non-integer strings during the conversion of HTML files to PDFs can be exploited remotely to execute arbitrary code;
2. Multiple Use-After-Free vulnerabilities releted to parsing non-integer strings during the conversion of HTML files to PDFs can be exploited remotely to execute arbitrary code;
3. Multiple out-of-bounds read vulnerabilities in the closeDoc function can be exploited remotely to execute arbitrary code;
4. Multiple Use-After-Free vulnerabilities can be exploited remotely to execute arbitrary code;
5. Multiple Use-After-Free vulnerabilities related to XFA layout can be exploited remotely to execute arbitrary code;
6. Multiple Use-After-Free vulnerabilities releted to processing malicious PDF documents or certain properties of a PDF form can be exploited remotely to execute arbitrary code;
7. An unspecified vulnerability can be exploited remotely to obtain sensitive information;
8. A memory corruption vulnerability related to pageIndex object can be exploited to obtain sensitive information;
9. A Out-of-Bounds Read vulnerability in the Lower method can be exploited to obtain sensitive information;
10. A type confusion vulnerability can be exploited remotely to execute arbitrary code;
11. An Out-of-Bounds Read vulnerability releted to processing a PDF file can be exploited remotely to obtain sensitive information.

---

Technical details

(7) allow remote attackers to trigger Uninitialized Object Information Disclosure.

Original advisories

• Security updates available in Foxit Reader 9.3 and Foxit PhantomPDF 9.3

Exploitation

Public exploits exist for this vulnerability.

Related products

• Foxit-Reader
• Foxit-Phantom-PDF

CVE list

• CVE-2018-3940
  critical
• CVE-2018-3941
  critical
• CVE-2018-3942
  critical
• CVE-2018-3943
  critical
• CVE-2018-3944
  critical
• CVE-2018-3945
  critical
• CVE-2018-3946
  critical
• CVE-2018-3957
  critical
• CVE-2018-3962
  high
• CVE-2018-3958
  critical
• CVE-2018-3959
  critical
• CVE-2018-3960
  critical
• CVE-2018-3961
  critical
• CVE-2018-3964
  critical
• CVE-2018-3965
  critical
• CVE-2018-3966
  critical
• CVE-2018-3967
  critical

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com