KLA11115 Multiple vulnerabilities in Foxit Reader

Multiple vulnerabilities was found in Foxit Reader 8.3.2.25013. This vulnerability can be exploited locally via a specially designed .pdf file to cause denial of service, execute arbitrary code or obtain sensetive informatoin.

1. Type confusion vulnerabilities can be exploited remotely file possibly to execute arbitrary code;
2. Use after free vulnerabilities can be exploited remotely possibly to execute arbitrary code;
3. Out of bounds vulnerabilities can be exploited remotely possibly to obtain sensitive information;
4. Unspecified vulnerability can be exploited remotely possibly to execute arbitrary code or cause denial of service;
5. Buffer overflow vulnerability can be exploited remotely possibly to execute arbitrary code or cause denial of service;

Technical details

NB: Not every vulnerability already has CVSS rating, so cumulative CVSS rating can be not representative.

Original advisories

Foxit Security Bulletins

Related products

Foxit-Reader

CVE list

CVE-2017-14694 warning

Solution

Update to latest version

Foxit PDF Reader

Impacts

• ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

• OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

• DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

Affected Products

• Foxit Reader 8.3.2.25013 and previous versions