nessus: FOXIT_PHANTOM_10_1_5.NASL
This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
History: Aug 26, 2021 - 12:00 a.m.

Foxit PhantomPDF < 10.1.5 Multiple Vulnerabilities

www.tenable.com

According to its version, the Foxit PhantomPDF application (formerly known as Phantom) installed on the remote Windows host is prior to 10.1.5. It is, therefore, affected by multiple vulnerabilities:

  • This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14013. (CVE-2021-34853)

  • A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.4.37651. A specially crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user into opening a malicious file or site to trigger this vulnerability if the browser plugin extension is enabled. (CVE-2021-21870)

  • A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 11.0.0.49893. A specially crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. (CVE-2021-21893)

  • This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.4.37651. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Document objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13741. (CVE-2021-34831)

  • This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the delay property. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13928. (CVE-2021-34832)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(152861);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/09");

  script_cve_id(
    "CVE-2021-21831",
    "CVE-2021-21870",
    "CVE-2021-21893",
    "CVE-2021-34831",
    "CVE-2021-34832",
    "CVE-2021-34833",
    "CVE-2021-34834",
    "CVE-2021-34835",
    "CVE-2021-34836",
    "CVE-2021-34837",
    "CVE-2021-34838",
    "CVE-2021-34839",
    "CVE-2021-34840",
    "CVE-2021-34841",
    "CVE-2021-34842",
    "CVE-2021-34843",
    "CVE-2021-34844",
    "CVE-2021-34845",
    "CVE-2021-34846",
    "CVE-2021-34847",
    "CVE-2021-34851",
    "CVE-2021-34852",
    "CVE-2021-34853",
    "CVE-2021-38564"
  );

  script_name(english:"Foxit PhantomPDF < 10.1.5 Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"A PDF toolkit installed on the remote Windows host is affected by multiple vulnerabilities");
  script_set_attribute(attribute:"description", value:
"According to its version, the Foxit PhantomPDF application (formerly known as Phantom) installed on the remote Windows
host is prior to 10.1.5. It is, therefore, affected by multiple vulnerabilities:

  - This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit
    PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target
    must visit a malicious page or open a malicious file. The specific flaw exists within the handling of
    Annotation objects. The issue results from the lack of validating the existence of an object prior to
    performing operations on the object. An attacker can leverage this vulnerability to execute code in the
    context of the current process. Was ZDI-CAN-14013. (CVE-2021-34853)

  - A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version
    10.1.4.37651. A specially crafted PDF document can trigger the reuse of previously freed memory, which can
    lead to arbitrary code execution. An attacker needs to trick the user into opening a malicious file or
    site to trigger this vulnerability if the browser plugin extension is enabled. (CVE-2021-21870)

  - A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version
    11.0.0.49893. A specially crafted PDF document can trigger the reuse of previously freed memory, which can
    lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to
    trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious
    site if the browser plugin extension is enabled. (CVE-2021-21893)

  - This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit
    Reader 10.1.4.37651. User interaction is required to exploit this vulnerability in that the target must
    visit a malicious page or open a malicious file. The specific flaw exists within the handling of Document
    objects. The issue results from the lack of validating the existence of an object prior to performing
    operations on the object. An attacker can leverage this vulnerability to execute code in the context of
    the current process. Was ZDI-CAN-13741. (CVE-2021-34831)

  - This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit
    PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target
    must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the
    delay property. The issue results from the lack of validating the existence of an object prior to
    performing operations on the object. An attacker can leverage this vulnerability to execute code in the
    context of the current process. Was ZDI-CAN-13928. (CVE-2021-34832)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://www.foxitsoftware.com/support/security-bulletins.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a27a3e57");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Foxit PhantomPDF version 10.1.5 or later");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-34853");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2021-38564");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/07/29");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/08/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/08/26");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:foxitsoftware:phantom");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:foxitsoftware:phantompdf");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("foxit_phantom_installed.nasl");
  script_require_keys("installed_sw/FoxitPhantomPDF", "SMB/Registry/Enumerated");

  exit(0);
}

include('vcf.inc');

var app_info = vcf::get_app_info(app:'FoxitPhantomPDF', win_local:TRUE);

var constraints = [
  { 'max_version' : '10.1.4.37651', 'fixed_version' : '10.1.5' }
];

vcf::check_version_and_report(
    app_info:app_info,
    constraints:constraints,
    severity:SECURITY_WARNING
);

| Vendor | Product | Version | CPE |
|---|---|---|---|
| foxitsoftware | phantom | | cpe:/a:foxitsoftware:phantom |
| foxitsoftware | phantompdf | | cpe:/a:foxitsoftware:phantompdf |
