Lucene search

K
kasperskyKaspersky LabKLA20039
HistoryNov 07, 2022 - 12:00 a.m.

KLA20039 Multiple vulnerabilities in Foxit PDF Reader

2022-11-0700:00:00
Kaspersky Lab
threats.kaspersky.com
19
foxit pdf reader
denial of service
exploitation
cve-2022-38097
cve-2022-32774
cve-2022-40129
update required

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.4

Confidence

High

EPSS

0.001

Percentile

43.4%

Use after free vulnerabilities were found in Foxit Reader. Malicious users can exploit these vulnerabilities to cause denial of service.

Original advisories

Security updates available in Foxit PDF Reader 12.0.2 and Foxit PDF Editor 12.0.2

Exploitation

Public exploits exist for this vulnerability.

Related products

Foxit-Reader

Foxit-Reader-Enterprise

CVE list

CVE-2022-38097 critical

CVE-2022-32774 critical

CVE-2022-40129 critical

CVE-2022-37332 critical

Solution

Update to the latest version

Download Foxit Reader

Impacts

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

Affected Products

  • Foxit PDF Reader earlier than 12.0.2

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.4

Confidence

High

EPSS

0.001

Percentile

43.4%