Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Foxit PDF Editor for Mac < 11.1.10 Multiple Vulnerabilities

🗓️ 18 Oct 2024 00:00:00Reported by TenableType 
nessus
 nessus🔗 www.tenable.com👁 22 Views

Foxit PDF Editor for Mac < 11.1.10 Multiple Vulnerabilities. Vulnerabilities include use-after-free in checkbox field, remote code execution in AcroForm, and Out-of-Bounds Read condition

Related
Refs
Code
ReporterTitlePublishedViews
Family
BDU FSTEC		The vulnerability of the annotation processor for viewing electronic documents in PDF format, provided by Foxit PDF Reader (formerly Foxit Reader), allows a perpetrator to execute arbitrary code.
10 Oct 202400:00
bdu_fstec
BDU FSTEC		The vulnerability affects the AcroForm component of the PDF viewer software from Foxit PDF Reader (previously Foxit Reader) and the PDF editor software from Foxit PDF Editor (previously Foxit PhantomPDF). This vulnerability allows a malicious individual to execute arbitrary code.
26 Nov 202400:00
bdu_fstec
Circl		CVE-2024-28888
2 Oct 202423:53
circl
Circl		CVE-2024-7725
21 Aug 202419:04
circl
Circl		CVE-2024-9254
26 Sep 202405:00
circl
CNNVD		Foxit Reader 资源管理错误漏洞
2 Oct 202400:00
cnnvd
CNNVD		Foxit PDF Reader 资源管理错误漏洞
22 Nov 202400:00
cnnvd
CNVD		Foxit PDF Reader Code Execution Vulnerability (CNVD-2024-40816)
22 Aug 202400:00
cnvd
CNVD		Foxit Reader Resource Management Error Vulnerability (CNVD-2024-42105)
17 Oct 202400:00
cnvd
CVE		CVE-2024-28888
2 Oct 202420:51
cve
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(209275);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/12/02");

  script_cve_id("CVE-2024-7725", "CVE-2024-9254", "CVE-2024-28888");

  script_name(english:"Foxit PDF Editor for Mac < 11.1.10 Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"A PDF toolkit installed on the remote macOS host is affected by multiple vulnerabilities");
  script_set_attribute(attribute:"description", value:
"According to its version, the Foxit PDF Editor for Mac application (previously named Foxit PhantomPDF for Mac) installed
on the remote macOS host is prior to 11.1.10. It is, therefore affected by multiple vulnerabilities:

  - A use-after-free vulnerability exists in the way Foxit Reade 2024.1.0.23997 handles a checkbox field
    object. A specially crafted Javascript code inside a malicious PDF document can trigger this
    vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker
    needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is
    also possible if a user visits a specially crafted, malicious site if the browser plugin extension is
    enabled. (CVE-2024-28888)

  - Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows
    remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction
    is required to exploit this vulnerability in that the target must visit a malicious page or open a
    malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack
    of validating the existence of an object prior to performing operations on the object. An attacker can
    leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23928.
    (CVE-2024-7725)

  - The vulnerability stems from improper validation of user-supplied data when processing AcroForms in PDF
    documents, and due to this lack of proper validation, the application can read past the end of an
    allocated buffer, resulting in an Out-of-Bounds Read condition. This improper handling can lead to
    application crashes, which attackers could potentially exploit for denial of service or, in some cases,
    remote code execution. (CVE-2024-9254)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://www.foxitsoftware.com/support/security-bulletins.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a27a3e57");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Foxit PDF Editor for Mac version 11.1.10 or later");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-9254");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/08/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/10/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/10/18");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:foxitsoftware:phantom");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:foxitsoftware:phantompdf");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("macosx_foxit_phantompdf_installed.nbin");
  script_require_keys("Host/local_checks_enabled", "Host/MacOSX/Version", "installed_sw/Foxit PhantomPDF");

  exit(0);
}

include('vcf.inc');

get_kb_item_or_exit('Host/local_checks_enabled');

var os = get_kb_item('Host/MacOSX/Version');
if (empty_or_null(os)) audit(AUDIT_OS_NOT, 'Mac OS X');

var app_info = vcf::get_app_info(app:'Foxit PhantomPDF');

var constraints = [
  { 'max_version' : '11.1.9.0524', 'fixed_version' : '11.1.10' }
];

vcf::check_version_and_report(
    app_info:app_info,
    constraints:constraints,
    severity:SECURITY_HOLE
);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
02 Dec 2024 00:00Current
8.2High risk
Vulners AI Score8.2
CVSS 3.18.8
CVSS 37.8
EPSS0.04084
SSVC
foxit pdf editormacvulnerabilitiesuse-after-freecheckbox fieldremote code executionacroformout-of-bounds read
22