Описание
Multiple serious vulnerabilities were found in Foxit Reader. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information. Below is a complete list of vulnerabilities:
- Multiple out-of-bounds Access/Write/Read vulnerabilities releted to parsing non-integer strings during the conversion of HTML files to PDFs can be exploited remotely to execute arbitrary code;
- Multiple Use-After-Free vulnerabilities releted to parsing non-integer strings during the conversion of HTML files to PDFs can be exploited remotely to execute arbitrary code;
- Multiple out-of-bounds read vulnerabilities in the closeDoc function can be exploited remotely to execute arbitrary code;
- Multiple Use-After-Free vulnerabilities can be exploited remotely to execute arbitrary code;
- Multiple Use-After-Free vulnerabilities related to XFA layout can be exploited remotely to execute arbitrary code;
- Multiple Use-After-Free vulnerabilities releted to processing malicious PDF documents or certain properties of a PDF form can be exploited remotely to execute arbitrary code;
- An unspecified vulnerability can be exploited remotely to obtain sensitive information;
- A memory corruption vulnerability related to pageIndex object can be exploited to obtain sensitive information;
- A Out-of-Bounds Read vulnerability in the Lower method can be exploited to obtain sensitive information;
- A type confusion vulnerability can be exploited remotely to execute arbitrary code;
- An Out-of-Bounds Read vulnerability releted to processing a PDF file can be exploited remotely to obtain sensitive information.
Technical details
(7) allow remote attackers to trigger Uninitialized Object Information Disclosure.
Первичный источник обнаружения
Связанные продукты
Список CVE
- CVE-2018-3940 high
- CVE-2018-3941 high
- CVE-2018-3942 high
- CVE-2018-3943 high
- CVE-2018-3944 high
- CVE-2018-3945 high
- CVE-2018-3946 high
- CVE-2018-3957 high
- CVE-2018-3962 high
- CVE-2018-3958 high
- CVE-2018-3959 high
- CVE-2018-3960 high
- CVE-2018-3961 high
- CVE-2018-3964 high
- CVE-2018-3965 high
- CVE-2018-3966 high
- CVE-2018-3967 high
Смотрите также
Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com
Нашли неточность в описании этой уязвимости? Дайте нам знать!