Kaspersky Threats

Дата обнаружения

28/09/2018

Уровень угрозы

Critical

Описание

Multiple serious vulnerabilities were found in Foxit Reader. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information.

Below is a complete list of vulnerabilities:

Multiple out-of-bounds Access/Write/Read vulnerabilities releted to parsing non-integer strings during the conversion of HTML files to PDFs can be exploited remotely to execute arbitrary code;
Multiple Use-After-Free vulnerabilities releted to parsing non-integer strings during the conversion of HTML files to PDFs can be exploited remotely to execute arbitrary code;
Multiple out-of-bounds read vulnerabilities in the closeDoc function can be exploited remotely to execute arbitrary code;
Multiple Use-After-Free vulnerabilities can be exploited remotely to execute arbitrary code;
Multiple Use-After-Free vulnerabilities related to XFA layout can be exploited remotely to execute arbitrary code;
Multiple Use-After-Free vulnerabilities releted to processing malicious PDF documents or certain properties of a PDF form can be exploited remotely to execute arbitrary code;
An unspecified vulnerability can be exploited remotely to obtain sensitive information;
A memory corruption vulnerability related to pageIndex object can be exploited to obtain sensitive information;
A Out-of-Bounds Read vulnerability in the Lower method can be exploited to obtain sensitive information;
A type confusion vulnerability can be exploited remotely to execute arbitrary code;
An Out-of-Bounds Read vulnerability releted to processing a PDF file can be exploited remotely to obtain sensitive information.