Kaspersky Threats — La page que vous recherchez est introuvable.<br>Mais vous pouvez consulter les descriptions de nos dernières vulnérabilités et menaces.

Description

Multiple serious vulnerabilities were found in Foxit Reader. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information. Below is a complete list of vulnerabilities:

Multiple out-of-bounds Access/Write/Read vulnerabilities releted to parsing non-integer strings during the conversion of HTML files to PDFs can be exploited remotely to execute arbitrary code;
Multiple Use-After-Free vulnerabilities releted to parsing non-integer strings during the conversion of HTML files to PDFs can be exploited remotely to execute arbitrary code;
Multiple out-of-bounds read vulnerabilities in the closeDoc function can be exploited remotely to execute arbitrary code;
Multiple Use-After-Free vulnerabilities can be exploited remotely to execute arbitrary code;
Multiple Use-After-Free vulnerabilities related to XFA layout can be exploited remotely to execute arbitrary code;
Multiple Use-After-Free vulnerabilities releted to processing malicious PDF documents or certain properties of a PDF form can be exploited remotely to execute arbitrary code;
An unspecified vulnerability can be exploited remotely to obtain sensitive information;
A memory corruption vulnerability related to pageIndex object can be exploited to obtain sensitive information;
A Out-of-Bounds Read vulnerability in the Lower method can be exploited to obtain sensitive information;
A type confusion vulnerability can be exploited remotely to execute arbitrary code;
An Out-of-Bounds Read vulnerability releted to processing a PDF file can be exploited remotely to obtain sensitive information.

Technical details

(7) allow remote attackers to trigger Uninitialized Object Information Disclosure.

Fiches de renseignement originales

Security updates available in Foxit Reader 9.3 and Foxit PhantomPDF 9.3

Exploitation

Public exploits exist for this vulnerability.

Produits associés

Liste CVE

CVE-2018-3940
critical
CVE-2018-3941
critical
CVE-2018-3942
critical
CVE-2018-3943
critical
CVE-2018-3944
critical
CVE-2018-3945
critical
CVE-2018-3946
critical
CVE-2018-3957
critical
CVE-2018-3962
high
CVE-2018-3958
critical
CVE-2018-3959
critical
CVE-2018-3960
critical
CVE-2018-3961
critical
CVE-2018-3964
critical
CVE-2018-3965
critical
CVE-2018-3966
critical
CVE-2018-3967
critical

En savoir plus

Découvrez les statistiques de la propagation des vulnérabilités dans votre région statistics.securelist.com

Vous avez trouvé une inexactitude dans la description de cette vulnérabilité ? Faites-le nous savoir !