Kaspersky ID:
KLA11326
Date detected:
28/09/2018
Updated:
22/01/2024

Description

Multiple serious vulnerabilities were found in Foxit Reader. Malicious users can exploit these vulnerabilities to execute arbitrary code or obtain sensitive information. Below is a complete list of vulnerabilities:

  1. Multiple out-of-bounds Access/Write/Read vulnerabilities related to parsing non-integer strings during the conversion of HTML files to PDFs can be exploited remotely to execute arbitrary code;
  2. Multiple Use-After-Free vulnerabilities related to parsing non-integer strings during the conversion of HTML files to PDFs can be exploited remotely to execute arbitrary code;
  3. Multiple out-of-bounds read vulnerabilities in the closeDoc function can be exploited remotely to execute arbitrary code;
  4. Multiple Use-After-Free vulnerabilities can be exploited remotely to execute arbitrary code;
  5. Multiple Use-After-Free vulnerabilities related to XFA layout can be exploited remotely to execute arbitrary code;
  6. Multiple Use-After-Free vulnerabilities related to processing malicious PDF documents or certain properties of a PDF form can be exploited remotely to execute arbitrary code;
  7. An unspecified vulnerability can be exploited remotely to obtain sensitive information;
  8. A memory corruption vulnerability related to the pageIndex object can be exploited to obtain sensitive information;
  9. An Out-of-Bounds Read vulnerability in the Lower method can be exploited to obtain sensitive information;
  10. A type confusion vulnerability can be exploited remotely to execute arbitrary code;
  11. An Out-of-Bounds Read vulnerability related to processing a PDF file can be exploited remotely to obtain sensitive information.

Technical details

Vulnerability (7) allows remote attackers to trigger an Uninitialized Object Information Disclosure.

Original advisories

Related products

CVE list

  • CVE-2018-3940
    high
  • CVE-2018-3941
    high
  • CVE-2018-3942
    high
  • CVE-2018-3943
    high
  • CVE-2018-3944
    high
  • CVE-2018-3945
    high
  • CVE-2018-3946
    high
  • CVE-2018-3957
    high
  • CVE-2018-3962
    high
  • CVE-2018-3958
    high
  • CVE-2018-3959
    high
  • CVE-2018-3960
    high
  • CVE-2018-3961
    high
  • CVE-2018-3964
    high
  • CVE-2018-3965
    high
  • CVE-2018-3966
    high
  • CVE-2018-3967
    high
