Kaspersky ID:
KLA11065
Дата обнаружения:
04/07/2017
Обновлено:
22/01/2024

Описание

Multiple serious vulnerabilities have been found in Foxit Reader. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service and obtain sensitive information.

Below is a complete list of vulnerabilities:

  1. An use-after-free vulnerability in the AFParseDateEx function can be exploited remotely to execute arbitrary code;
  2. An out-of-bounds read vulnerability in the PDF file parsing can be exploited remotely to btain sensitive information;
  3. An out-of-bounds read vulnerability in the ObjStm objects parsing can be exploited remotely to btain sensitive information;
  4. An use-after-free vulnerability in the app.alert function can be exploited remotely to execute arbitrary code;
  5. A potential use-before-initialization vulnerabilitythe gotoURL method can be exploited to execute arbitrary code.

Первичный источник обнаружения

Связанные продукты

Список CVE

  • CVE-2017-10953
    high
  • CVE-2017-10994
    critical
  • CVE-2017-10941
    high
  • CVE-2017-10942
    warning
  • CVE-2017-10943
    warning
  • CVE-2017-10944
    warning
  • CVE-2017-10945
    high

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com

Нашли неточность в описании этой уязвимости? Дайте нам знать!
Kaspersky IT Security Calculator:
Оцените ваш профиль кибербезопасности
Узнать больше
Встречай новый Kaspersky!
Каждая минута твоей онлайн-жизни заслуживает топовой защиты.
Узнать больше
Confirm changes?
Your message has been sent successfully.