Kaspersky LabKLA12317KLA12317 Multiple vulnerabilities in Foxit Reader
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
28.5%
Multiple vulnerabilities were found in Foxit Reader. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, cause denial of service.
Below is a complete list of vulnerabilities:
- Code execution vulnerability can be exploited via special crafted file to execute arbitrary code.
- Use after free vulnerability can be exploited remotely to cause denial of service, obtain sensitive information or execute arbitrary code.
- Use after free vulnerability can be exploited to cause denial of service, obtain sensitive information or execute arbitrary code.
- Use after free vulnerability can be exploited remotely to obtain sensitive information or execute arbitrary code.
- Out of bounds read vulnerability can be exploited via special PDF files to obtain sensitive information.
- Heap-based buffer overflow vulnerability can be exploited remotely to execute arbitrary code and cause denial of service.
- Information disclosure vulnerability can be exploited to obtain sensitive information.
Original advisories
Exploitation
Public exploits exist for this vulnerability.
Related products
CVE list
CVE-2021-40326 high
CVE-2021-41785 critical
CVE-2021-41783 critical
CVE-2021-41780 critical
CVE-2021-41781 critical
CVE-2021-41782 critical
CVE-2021-41784 critical
CVE-2021-34952 unknown
CVE-2021-34962 unknown
CVE-2021-34950 unknown
CVE-2021-34958 unknown
CVE-2021-34957 unknown
CVE-2021-34963 unknown
CVE-2021-34948 unknown
CVE-2021-34960 unknown
CVE-2021-34973 unknown
CVE-2021-34951 unknown
CVE-2021-34956 unknown
CVE-2021-34967 unknown
CVE-2021-34971 unknown
CVE-2021-34975 unknown
CVE-2021-34953 unknown
CVE-2021-34976 unknown
CVE-2021-34959 unknown
CVE-2021-34955 unknown
CVE-2021-34966 unknown
CVE-2021-34965 unknown
CVE-2021-34970 unknown
CVE-2021-34968 unknown
CVE-2021-34974 unknown
CVE-2021-34972 unknown
CVE-2021-34949 unknown
CVE-2021-34961 unknown
CVE-2021-34954 unknown
CVE-2021-34964 unknown
CVE-2021-34969 unknown
Solution
Update to the latest version
Impacts
- ACE
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
- OSI
Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.
- DoS
Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.
Affected Products
- Foxit Reader earlier than 11.1
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
28.5%