Multiple vulnerabilities in Foxit Reader

Описание

Multiple serious vulnerabilities were found in Foxit Reader. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information. Below is a complete list of vulnerabilities:

1. Multiple out-of-bounds Access/Write/Read vulnerabilities releted to parsing non-integer strings during the conversion of HTML files to PDFs can be exploited remotely to execute arbitrary code;
2. Multiple Use-After-Free vulnerabilities releted to parsing non-integer strings during the conversion of HTML files to PDFs can be exploited remotely to execute arbitrary code;
3. Multiple out-of-bounds read vulnerabilities in the closeDoc function can be exploited remotely to execute arbitrary code;
4. Multiple Use-After-Free vulnerabilities can be exploited remotely to execute arbitrary code;
5. Multiple Use-After-Free vulnerabilities related to XFA layout can be exploited remotely to execute arbitrary code;
6. Multiple Use-After-Free vulnerabilities releted to processing malicious PDF documents or certain properties of a PDF form can be exploited remotely to execute arbitrary code;
7. An unspecified vulnerability can be exploited remotely to obtain sensitive information;
8. A memory corruption vulnerability related to pageIndex object can be exploited to obtain sensitive information;
9. A Out-of-Bounds Read vulnerability in the Lower method can be exploited to obtain sensitive information;
10. A type confusion vulnerability can be exploited remotely to execute arbitrary code;
11. An Out-of-Bounds Read vulnerability releted to processing a PDF file can be exploited remotely to obtain sensitive information.

---

Technical details

(7) allow remote attackers to trigger Uninitialized Object Information Disclosure.

Первичный источник обнаружения

• Security updates available in Foxit Reader 9.3 and Foxit PhantomPDF 9.3
  

Связанные продукты

• Foxit-Reader
• Foxit-Phantom-PDF

Список CVE

• CVE-2018-3940
  high
• CVE-2018-3941
  high
• CVE-2018-3942
  high
• CVE-2018-3943
  high
• CVE-2018-3944
  high
• CVE-2018-3945
  high
• CVE-2018-3946
  high
• CVE-2018-3957
  high
• CVE-2018-3962
  high
• CVE-2018-3958
  high
• CVE-2018-3959
  high
• CVE-2018-3960
  high
• CVE-2018-3961
  high
• CVE-2018-3964
  high
• CVE-2018-3965
  high
• CVE-2018-3966
  high
• CVE-2018-3967
  high

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com