Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA11398
HistoryJan 10, 2019 - 12:00 a.m.

KLA11398 Multiple vulnerabilities in Foxit Reader and Foxit PhantomPDF

2019-01-1000:00:00
Kaspersky Lab
threats.kaspersky.com
51

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:N/A:P

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

6.9 Medium

AI Score

Confidence

High

0.063 Low

EPSS

Percentile

93.6%

JSON

Multiple vulnerabilities were found in Foxit Reader and Foxit PhantomPDF. Malicious users can exploit these vulnerabilities to cause denial of service, obtain sensitive information.

Below is a complete list of vulnerabilities:

  1. Out-of-bounds Write/Read vulnerability can be exploited remotely to cause denial of service;
  2. Validation Bypass vulnerability can be exploited remotely to obtain sensitive information.

Original advisories

CVE-2018-3956

CVE-2018-18688/CVE-2018-18689

ZDI-CAN-7347/ZDI-CAN-7452/ZDI-CAN-7601

ZDI-CAN-7353/ZDI-CAN-7423

ZDI-CAN-7368

ZDI-CAN-7369

ZDI-CAN-7453

ZDI-CAN-7576

ZDI-CAN-7355

Related products

Foxit-Reader

Foxit-Phantom-PDF

CVE list

CVE-2018-3956 high

CVE-2018-18688 warning

CVE-2018-18689 warning

Solution

Update to the latest versionDownload Foxit Reader

Download Foxit PhantomPDF

Impacts

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

Affected Products

  • Foxit Reader 9.3.0.10826 and earlierFoxit PhantomPDF 9.3.0.10826 and earlier

Related

nessus 3
openvas 2
nvd 3
prion 3
cve 3
cvelist 3
talos 1
checkpoint_advisories 2
nessus
nessus
Foxit PhantomPDF < 9.4 Multiple Vulnerabilities
2019-01-09 00:00:00
Foxit Reader < 9.4 Multiple Vulnerabilities
2019-01-09 00:00:00
Foxit PhantomPDF < 8.3.9 Multiple Vulnerabilities
2019-01-18 00:00:00
openvas
openvas
Foxit Reader Multiple Vulnerabilities (Jan 2019) - Windows
2019-01-04 00:00:00
Foxit PhantomPDF < 9.4 Multiple Vulnerabilities (Jan 2019) - Windows
2019-01-04 00:00:00
nvd
nvd
CVE-2018-18689
2021-01-07 18:15:12
CVE-2018-18688
2021-01-07 18:15:12
CVE-2018-3956
2019-01-30 22:29:00
prion
prion
Design/Logic Flaw
2021-01-07 18:15:00
Design/Logic Flaw
2021-01-07 18:15:00
Out-of-bounds
2019-01-30 22:29:00
cve
cve
CVE-2018-18689
2021-01-07 18:15:12
CVE-2018-18688
2021-01-07 18:15:12
CVE-2018-3956
2019-01-30 22:29:00
cvelist
cvelist
CVE-2018-18688
2021-01-07 17:38:45
CVE-2018-18689
2021-01-07 17:59:16
CVE-2018-3956
2019-01-03 00:00:00
talos
talos
Foxit PDF Reader XFA xdpContent information leak vulnerability
2019-01-03 00:00:00
checkpoint_advisories
checkpoint_advisories
Foxit Reader and PhantomPDF XFA xdpContent Information Disclosure (CVE-2018-3956)
2019-10-03 00:00:00
Foxit Reader and PhantomPDF XFA xdpContent Information Disclosure (CVE-2018-3956)
2019-10-03 00:00:00

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:N/A:P

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

6.9 Medium

AI Score

Confidence

High

0.063 Low

EPSS

Percentile

93.6%

JSON
Related for KLA11398
nessus3openvas2nvd3prion3cve3cvelist3talos1checkpoint_advisories2