Lucene search
This script is Copyright (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.FOXIT_PHANTOM_9_2.NASLHistoryJul 27, 2018 - 12:00 a.m.
Foxit PhantomPDF < 9.2 Multiple Vulnerabilities
2018-07-2700:00:00
This script is Copyright (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
15
According to its version, the Foxit PhantomPDF application (formally known as Phantom) installed on the remote Windows host is prior to 9.2. It is, therefore, affected by multiple vulnerabilities.
#
# (C) Tenable Network Security, Inc.
#
include('compat.inc');
if (description)
{
script_id(111376);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/09");
script_cve_id("CVE-2018-3924", "CVE-2018-3939");
script_name(english:"Foxit PhantomPDF < 9.2 Multiple Vulnerabilities");
script_set_attribute(attribute:"synopsis", value:
"A PDF toolkit installed on the remote Windows host is affected by multiple vulnerabilities");
script_set_attribute(attribute:"description", value:
"According to its version, the Foxit PhantomPDF application (formally
known as Phantom) installed on the remote Windows host is prior to
9.2. It is, therefore, affected by multiple vulnerabilities.");
# https://www.foxitsoftware.com/support/security-bulletins.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a27a3e57");
script_set_attribute(attribute:"solution", value:
"Upgrade to Foxit PhantomPDF version 9.2 or later");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-3939");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/19");
script_set_attribute(attribute:"patch_publication_date", value:"2018/07/19");
script_set_attribute(attribute:"plugin_publication_date", value:"2018/07/27");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:foxitsoftware:phantom");
script_set_attribute(attribute:"cpe", value:"cpe:/a:foxitsoftware:phantompdf");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("foxit_phantom_installed.nasl");
script_require_keys("installed_sw/FoxitPhantomPDF");
exit(0);
}
include('vcf.inc');
var app_info = vcf::get_app_info(app:'FoxitPhantomPDF', win_local:TRUE);
var constraints = [
{ 'max_version' : '8.3.6.35572', 'fixed_version' : '9.2' },
{ 'min_version' : '9.0', 'max_version' : '9.1.0.5096', 'fixed_version' : '9.2' }
];
vcf::check_version_and_report(
app_info:app_info,
constraints:constraints,
severity:SECURITY_WARNING
);
| Vendor | Product | Version | CPE |
|---|---|---|---|
| foxitsoftware | phantom | cpe:/a:foxitsoftware:phantom | |
| foxitsoftware | phantompdf | cpe:/a:foxitsoftware:phantompdf |
Related
nessus
nessus
Foxit PhantomPDF < 8.3.7 Multiple Vulnerabilities
2018-11-30 00:00:00
Foxit Reader < 8.3.7 Multiple Vulnerabilities
2018-08-22 00:00:00
Foxit Reader < 9.2 Multiple Vulnerabilities
2018-07-27 00:00:00
talosblog
talosblog
prion
prion
Design/Logic Flaw
2018-08-01 20:29:00
Design/Logic Flaw
2018-08-01 20:29:00
cve
cve
CVE-2018-3939
2018-08-01 20:29:00
CVE-2018-3924
2018-08-01 20:29:00
talos
talos
checkpoint_advisories
checkpoint_advisories
kaspersky
kaspersky
KLA11314 Multiple vulnerabilities in Foxit Reader
2018-07-19 00:00:00
openvas
openvas
Foxit Reader 'JavaScript' Remote Code Execution Vulnerabilities - Windows
2018-07-20 00:00:00
Foxit Reader Multiple Vulnerabilities (Apr 2018) - Windows
2018-04-25 00:00:00
Related for FOXIT_PHANTOM_9_2.NASL