Kaspersky ID:
KLA12530
Detect Date:
05/09/2022
Updated:
01/25/2024

Description

Multiple vulnerabilities were found in Foxit Reader. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, cause denial of service.

Below is a complete list of vulnerabilities:

  1. A remote code execution vulnerability can be exploited remotely to execute arbitrary code.
  2. Out of Bounds Read or Use After Free vulnerability in memory access to cause denial of service, execute arbitrary code or obtain sensitive information.
  3. Type Confusion vulnerability in the V8 JavaScript Engine can be exploited to cause denial of service.
  4. Out of Bounds Read vulnerability can be exploited to cause denial of service.
  5. Use After Free vulnerability can be exploited to cause denial of service and execute arbitrary code.

Original advisories

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

CVE list

  • CVE-2022-25641
    high
  • CVE-2022-28679
    critical
  • CVE-2022-28671
    critical
  • CVE-2022-30557
    critical
  • CVE-2022-28669
    critical
  • CVE-2022-28676
    critical
  • CVE-2022-28682
    critical
  • CVE-2022-28674
    critical
  • CVE-2022-28673
    critical
  • CVE-2022-28681
    high
  • CVE-2022-28683
    critical
  • CVE-2022-28672
    critical
  • CVE-2022-28677
    critical
  • CVE-2022-28675
    critical
  • CVE-2022-28678
    critical
  • CVE-2022-28670
    critical
  • CVE-2022-28680
    critical

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com

Found an inaccuracy in the description of this vulnerability? Let us know!
Kaspersky IT Security Calculator
Calculate
Check now
Learn more about cybersecurity on Kaspersky Encyclopedia
For free
Learn more
Confirm changes?
Your message has been sent successfully.