Foxit Reader Remote Code Execution And Information Disclosure Vulnerabilities - Oct18 (Windows)
Information
Severity
Family
CVSSv2 Base
CVSSv2 Vector
Solution Type
Created
Modified
Summary
Foxit Reader is installed on the host and is prone to code execution and information disclosure vulnerabilities.
Insight
The following flaws exist. A remote user can:
- cause arbitrary code to be executed on the target user's system.
- cause the target user's application to crash.
- obtain potentially sensitive information on the target system.
- cause a use-after-free memory error by causing a dialog box to pop open repeatedly.
- cause a use-after-free memory error by using objects that have been deleted or closed.
- cause a use-after-free memory error using a control object after it has been deleted within a static XFA layout or using a wild pointer resulting from a deleted object after XFA re-layout.
- cause a use-after-free memory error when processing certain properties of Annotation objects by using freed objects.
- cause a use-after-free memory error or crash when processing PDF documents or certain properties of a PDF form.
- cause an uninitialized object information disclosure when creating ArrayBuffer and DataView objects [CVE-2018-17781].
- cause a memory corruption error when getting a pageIndex object without an initial value [CVE-2018-3992].
- cause an out-of-bounds memory read error when processing the Lower() method of an XFA object.
- trigger a type confusion error when using a null pointer without validation.
- cause an out-of-bounds memory read error and crash when parsing certain BMP images due to the access of an invalid address.
- cause an out-of-bounds memory read error when processing a PDF file that contains non-standard signatures.

Furthermore:
- An out-of-bounds memory read/write error may occur when parsing non-integer strings when converting HTML files to PDF files.
- A use-after-free memory error may occur when parsing non-integer strings when converting HTML files to PDF files.
- An out-of-bounds memory read error or use-after-free code execution error may occur when executing certain JavaScript due to the use of the document and auxiliary objects.
- The creation of ArrayBuffer and DataView objects is mishandled.
- The properties of Annotation objects are mishandled.
Affected Software
Foxit Reader versions before 9.3 on Windows.
Detection Method
Checks if a vulnerable version is present on the target host.
Solution
Upgrade to Foxit Reader version 9.3 or later.
Common Vulnerabilities and Exposures (CVE)
- CVE-2018-17607
- CVE-2018-17608
- CVE-2018-17609
- CVE-2018-17610
- CVE-2018-17611
- CVE-2018-17781
- CVE-2018-16291
- CVE-2018-16292
- CVE-2018-16293
- CVE-2018-16294
- CVE-2018-16295
- CVE-2018-16296
- CVE-2018-16297
- CVE-2018-3940
- CVE-2018-3941
- CVE-2018-3942
- CVE-2018-3943
- CVE-2018-3944
- CVE-2018-3945
- CVE-2018-3946
- CVE-2018-3957
- CVE-2018-3958
- CVE-2018-3962
- CVE-2018-3992
- CVE-2018-3993
- CVE-2018-3994
- CVE-2018-3995
- CVE-2018-3996
- CVE-2018-3997