KLA11398
Multiple vulnerabilities in Foxit Reader and Foxit PhantomPDF
Обновлено: 29/03/2019
Дата обнаружения
10/01/2019
Уровень угрозы
Critical
Описание

Multiple vulnerabilities were found in Foxit Reader and Foxit PhantomPDF. Malicious users can exploit these vulnerabilities to cause denial of service, obtain sensitive information.

Below is a complete list of vulnerabilities:

  1. Out-of-bounds Write/Read vulnerability can be exploited remotely to cause denial of service;
  2. Validation Bypass vulnerability can be exploited remotely to obtain sensitive information.
Пораженные продукты

Foxit Reader 9.3.0.10826 and earlier
Foxit PhantomPDF 9.3.0.10826 and earlier

Решение

Update to the latest version
Download Foxit PhantomPDF
Download Foxit Reader

Первичный источник обнаружения
CVE-2018-3956
CVE-2018-18688/CVE-2018-18689
ZDI-CAN-7347/ZDI-CAN-7452/ZDI-CAN-7601
ZDI-CAN-7353/ZDI-CAN-7423
ZDI-CAN-7368
ZDI-CAN-7369
ZDI-CAN-7453
ZDI-CAN-7576
ZDI-CAN-7355
Оказываемое влияние
?
OSI 
[?]

DoS 
[?]
CVE-IDS
CVE-2018-39567.8Critical
CVE-2018-186880.0Critical
CVE-2018-186890.0Critical