Multiple vulnerabilities in Foxit Reader

Описание

Multiple serious vulnerabilities have been found in Foxit Reader. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service and obtain sensitive information.

Below is a complete list of vulnerabilities:

1. An use-after-free vulnerability in the AFParseDateEx function can be exploited remotely to execute arbitrary code;
2. An out-of-bounds read vulnerability in the PDF file parsing can be exploited remotely to btain sensitive information;
3. An out-of-bounds read vulnerability in the ObjStm objects parsing can be exploited remotely to btain sensitive information;
4. An use-after-free vulnerability in the app.alert function can be exploited remotely to execute arbitrary code;
5. A potential use-before-initialization vulnerabilitythe gotoURL method can be exploited to execute arbitrary code.

Первичный источник обнаружения

• Foxit Security Bulletins
  

Связанные продукты

• Foxit-Reader

Список CVE

• CVE-2017-10953
  high
• CVE-2017-10994
  critical
• CVE-2017-10941
  high
• CVE-2017-10942
  warning
• CVE-2017-10943
  warning
• CVE-2017-10944
  warning
• CVE-2017-10945
  high

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com