KLA12437
Multiple vulnerabilities in Foxit PDF Reader

Multiple vulnerabilities were found in Foxit PDF Reader. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, obtain sensitive information, gain privileges.

Below is a complete list of vulnerabilities:

1. Heap buffer overflow vulnerability can be exploited to execute arbitrary code.
2. NULL pointer dereference vulnerability can be exploited to cause denial of service.
3. Security bypass vulnerability in iManage 10 plugin’s logging function can be exploited via special crafted configuration file to obtain sensitive information or cause denial of service.
4. Use after free vulnerability can be exploited remotely to cause denial of service or execute arbitrary code.
5. Memory corruption vulnerability in JavaScript can be exploited remotely to cause denial of service.
6. Out of bounds read/write vulnerability can be exploited remotely via special crafted files to execute arbitrary code.
7. Use after free vulnerability can be exploited remotely to execute arbitrary code.
8. Use after free or out of bounds read vulnerability in JavaScript API can be exploited remotely via special crafted PDF files to cause denial of service or execute arbitrary code.
9. Uncontrolled search path element privilege escalation vulnerability can be exploited via special crafted DLL files to gain privileges.
10. Stack based buffer overflow vulnerability can be exploited remotely via special crafted XFA file to cause denial of service.
11. Array Out-of-Bounds vulnerability can be exploited remotely via special crafted PDF files to cause denial of service or execute arbitrary code.

Foxit PDF Reader earlier than 11.2.1.53537

Update to the latest version
Download Foxit Reader

Security updates available in Foxit PDF Reader 11.2.1 and Foxit PDF Editor 11.2.1