Kaspersky Lab KLA20039
Nov 07, 2022 - 12:00 a.m.

KLA20039 Multiple vulnerabilities in Foxit PDF Reader

2022-11-07 00:00:00
Kaspersky Lab
threats.kaspersky.com
foxit pdf reader
denial of service
exploitation
cve-2022-38097
cve-2022-32774
cve-2022-40129
update required

CVSS3: 7.8

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score: 8.4
Confidence: High

EPSS: 0.006
Percentile: 79.1%

Use-after-free vulnerabilities were found in Foxit Reader. Malicious users can exploit these vulnerabilities to cause denial of service.

Original advisories

Security updates available in Foxit PDF Reader 12.0.2 and Foxit PDF Editor 12.0.2

Exploitation

Public exploits exist for this vulnerability.

Related products

Foxit-Reader

Foxit-Reader-Enterprise

CVE list

CVE-2022-38097 critical

CVE-2022-32774 critical

CVE-2022-40129 critical

CVE-2022-37332 critical

Solution

Update to the latest version

Download Foxit Reader

Impacts

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

Affected Products

  • Foxit PDF Reader earlier than 12.0.2
