CVSS2: 6.8 Medium (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

CVSS3: 8.8 High (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | REQUIRED |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

EPSS: 0.014 Low (Percentile 86.6%)

According to its version, the Foxit PhantomPDF application (formerly known as Phantom) installed on the remote Windows host is prior to 8.3.7. It is, therefore, affected by multiple arbitrary code execution and information disclosure vulnerabilities.

```
#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(119309);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/09");

  script_cve_id(
    "CVE-2018-3940",
    "CVE-2018-3941",
    "CVE-2018-3942",
    "CVE-2018-3943",
    "CVE-2018-3944",
    "CVE-2018-3945",
    "CVE-2018-3946",
    "CVE-2018-3957",
    "CVE-2018-3958",
    "CVE-2018-3959",
    "CVE-2018-3960",
    "CVE-2018-3961",
    "CVE-2018-3962",
    "CVE-2018-3964",
    "CVE-2018-3965",
    "CVE-2018-3966",
    "CVE-2018-3967",
    "CVE-2018-3992",
    "CVE-2018-3993",
    "CVE-2018-3994",
    "CVE-2018-3995",
    "CVE-2018-3996",
    "CVE-2018-3997",
    "CVE-2018-16291",
    "CVE-2018-16292",
    "CVE-2018-16293",
    "CVE-2018-16294",
    "CVE-2018-16295",
    "CVE-2018-16296",
    "CVE-2018-16297",
    "CVE-2018-17781"
  );

  script_name(english:"Foxit PhantomPDF < 8.3.8 Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"A PDF toolkit installed on the remote Windows host is affected by multiple vulnerabilities");
  script_set_attribute(attribute:"description", value:
"According to its version, the Foxit PhantomPDF application (formally
known as Phantom) installed on the remote Windows host is prior to
8.3.7. It is, therefore, affected by multiple arbitrary code execution
and information disclosure vulnerabilities.");
  # https://www.foxitsoftware.com/support/security-bulletins.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a27a3e57");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Foxit PhantomPDF version 8.3.8 or later");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-3997");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/08/02");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/08/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/11/30");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:foxitsoftware:phantom");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:foxitsoftware:phantompdf");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("foxit_phantom_installed.nasl");
  script_require_keys("installed_sw/FoxitPhantomPDF");

  exit(0);
}

include('vcf.inc');

var app_info = vcf::get_app_info(app:'FoxitPhantomPDF', win_local:TRUE);

var constraints = [
  { 'max_version' : '8.3.7.38093', 'fixed_version' : '8.3.8' }
];

vcf::check_version_and_report(
  app_info:app_info,
  constraints:constraints,
  severity:SECURITY_WARNING
);
```

Vendor | Product | Version | CPE |
---|---|---|---|
foxitsoftware | phantom | | cpe:/a:foxitsoftware:phantom |
foxitsoftware | phantompdf | | cpe:/a:foxitsoftware:phantompdf |

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16291
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16292
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16293
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16294
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16295
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16296
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16297
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17781
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3940
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3941
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3942
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3943
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3944
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3945
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3946
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3957
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3958
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3959
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3960
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3961
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3962
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3964
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3965
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3966
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3967
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3992
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3993
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3994
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3995
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3996
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3997
www.nessus.org/u?a27a3e57