Lucene search

K
nessusThis script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.FOXIT_PHANTOM_7_3_13.NASL
HistoryDec 21, 2018 - 12:00 a.m.

Foxit PhantomPDF < 7.3.13 Multiple Vulnerabilities

2018-12-2100:00:00
This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
22

According to its version, the Foxit PhantomPDF application (formally known as Phantom) installed on the remote Windows host is prior to 7.3.13. It is, therefore, affected by multiple vulnerabilities:

  • Unauthorized javascript execution when disabled.
  • Arbitrary Write supporting remote code execution.
  • Use-After-Free resulting in remote code execution.
  • Out-of-Bounds Read leading to information disclosure.
  • Use-Before-Initialization resulting in an unexpected crash.
  • Null Pointer Read or Null Pointer Deference creating an unexpected crash.
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(119835);
  script_version("1.1");
  script_cvs_date("Date: 2018/12/21 12:09:38");
  
  script_name(english:"Foxit PhantomPDF < 7.3.13 Multiple Vulnerabilities");
  script_summary(english:"Checks the version of Foxit PhantomPDF.");

  script_set_attribute(attribute:"synopsis", value:
"A PDF toolkit installed on the remote Windows host is affected by
multiple vulnerabilities.");
  script_set_attribute(attribute:"description",  value:
"According to its version, the Foxit PhantomPDF application (formally
known as Phantom) installed on the remote Windows host is prior to
7.3.13. It is, therefore, affected by multiple vulnerabilities:

 - Unauthorized javascript execution when disabled.
 - Arbitrary Write supporting remote code execution.
 - Use-After-Free resulting in remote code execution.
 - Out-of-Bounds Read leading to information disclosure.
 - Use-Before-Initialization resulting in an unexpected
crash.
 - Null Pointer Read or Null Pointer Deference creating an 
unexpected crash.
"
);
 # https://www.foxitsoftware.com/support/security-bulletins.php#content-2017
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?57655a59");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Foxit PhantomPDF version 7.3.13 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_attribute(attribute:"cvss_score_source", value:"manual");
  script_set_attribute(attribute:"cvss_score_rationale", value:"Score based on analysis of the vendor advisory.");
 
  script_set_attribute(attribute:"vuln_publication_date", value:"2017/05/04");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/05/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/21");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:foxitsoftware:phantom");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:foxitsoftware:phantompdf");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("foxit_phantom_installed.nasl");
  script_require_keys("installed_sw/FoxitPhantomPDF");

  exit(0);
}
include('vcf.inc');

app = 'FoxitPhantomPDF';

app_info = vcf::get_app_info(app:app, win_local:TRUE);
vcf::check_granularity(app_info:app_info, sig_segments:3);

constraints = [
      { 'fixed_version' : '7.3.13', 'max_version': '7.3.11.1122' }
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
VendorProductVersionCPE
foxitsoftwarephantomcpe:/a:foxitsoftware:phantom
foxitsoftwarephantompdfcpe:/a:foxitsoftware:phantompdf