Lucene search
+L

2910 matches found

Talos Blog
Talos Blog
added 2018/10/01 9:59 a.m.40 views

Vulnerability Spotlight: Multiple Issues in Foxit PDF Reader

Vulnerabilities discovered by Aleksandar Nikolic of Cisco Talos Overview Cisco Talos is disclosing eightteen vulnerabilities in Foxit PDF Reader, a popular free program for viewing, creating and editing PDF documents. It is commonly used as an alternative to Adobe Acrobat Reader and has a widely...

1.1AI score0.09482EPSS
Exploits14
Talos
Talos
added 2018/10/01 12:0 a.m.505 views

Foxit PDF Reader Javascript removeDataObject Remote Code Execution Vulnerability

Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick...

8.8CVSS8.4AI score0.02114EPSS
Exploits1
Talos
Talos
added 2018/10/01 12:0 a.m.514 views

Foxit PDF Reader JavaScript getPageBox remote code execution vulnerability

Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick...

8.8CVSS8.4AI score0.02577EPSS
Exploits0
Talos
Talos
added 2018/10/01 12:0 a.m.498 views

Foxit PDF Reader JavaScript page change remote code execution vulnerability

Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to...

8.8CVSS8.4AI score0.02848EPSS
Exploits1
Talos
Talos
added 2018/10/01 12:0 a.m.517 views

Foxit PDF Reader Javascript importDataObject Remote Code Execution Vulnerability

Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to...

8.8CVSS8.5AI score0.03155EPSS
Exploits1
Talos
Talos
added 2018/10/01 12:0 a.m.291 views

Foxit PDF Reader JavaScript field object signatureGetSeedValue remote code execution vulnerability

Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick...

8.8CVSS8.5AI score0.03039EPSS
Exploits1
Talos
Talos
added 2018/10/01 12:0 a.m.517 views

Foxit PDF Reader JavaScript getPageNthWord remote code execution vulnerability

Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick t...

8.8CVSS8.5AI score0.03155EPSS
Exploits1
Talos
Talos
added 2018/10/01 12:0 a.m.499 views

Foxit PDF Reader JavaScript Field object signatureInfo remote code execution vulnerability

Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick...

8.8CVSS8.4AI score0.02577EPSS
Exploits0
Talos
Talos
added 2018/10/01 12:0 a.m.484 views

Foxit PDF Reader Javascript JSON.Stringify this.info Remote Code Execution Vulnerability

Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to...

8.8CVSS8.5AI score0.03197EPSS
Exploits1
Talos
Talos
added 2018/10/01 12:0 a.m.488 views

Foxit PDF Reader JavaScript field object isDefaultChecked remote code execution vulnerability

Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick...

8.8CVSS8.4AI score0.03155EPSS
Exploits1
Exploit DB
Exploit DB
added 2018/08/27 12:0 a.m.198 views

Foxit PDF Reader 9.0.1.1049 - Pointer Overwrite Use-After-Free (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Foxit PDF Reader Pointer Overwrite UAF', 'Description' = %q Foxit PDF Reader v9.0.1.1049 has a Use-After-Free vulnerability in the Text Annotatio...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2018/08/24 12:0 a.m.234 views

Foxit PDF Reader 9.0.1.1049 Pointer Overwrite Use-After-Free

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Foxit PDF Reader Pointer Overwrite UAF', 'Description' = %q Foxit PDF Reader v9.0.1.1049 has a Use-After-Free vulnerability in the Text Annotatio...

6.8CVSS0.8AI score0.64074EPSS
Exploits13
0day.today
0day.today
added 2018/08/24 12:0 a.m.211 views

Foxit PDF Reader 9.0.1.1049 Pointer Overwrite Use-After-Free Exploit

Foxit PDF Reader version 9.0.1.1049 has a use-after-free vulnerability in the Text Annotations component and the TypedArray's use uninitialized pointers. The vulnerabilities can be combined to leak a vtable memory address, which can be adjusted to point to the base address of the executable. A RO...

6.8CVSS0.4AI score0.64074EPSS
Exploits13
Metasploit
Metasploit
added 2018/08/21 1:21 p.m.78 views

Foxit PDF Reader Pointer Overwrite UAF

Foxit PDF Reader v9.0.1.1049 has a Use-After-Free vulnerability in the Text Annotations component and the TypedArray's use uninitialized pointers. The vulnerabilities can be combined to leak a vtable memory address, which can be adjusted to point to the base address of the executable. A ROP chain...

8.8CVSS0.64074EPSS
Exploits13
CNVD
CNVD
added 2018/08/09 12:0 a.m.5 views

Foxit PDF Reader JavaScript Engine Memory Misreference Vulnerability (CNVD-2018-15096)

Foxit PDF Reader is China's Foxit Foxit Software Corporation of a PDF document reader. JavaScript engine is one of the JavaScript scripting engine. A memory misreference vulnerability exists in the JavaScript engine in Foxit PDF Reader version 9.1.0.5096. An attacker could exploit this...

8.8CVSS8.2AI score0.02347EPSS
Exploits1References1
Talos
Talos
added 2018/07/19 12:0 a.m.77 views

Foxit PDF Reader Javascript MailForm Remote Code Execution Vulnerability

Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader version 9.1.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to tri...

8.8CVSS8.5AI score0.4414EPSS
Exploits1
Prion
Prion
added 2018/06/04 8:29 p.m.11 views

Design/Logic Flaw

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can trigger a previously freed object in memory to be reused resulting in arbitrary code execution. An attacker needs to trick the us...

6.8CVSS8.8AI score0.03356EPSS
Exploits2References3Affected Software1
NVD
NVD
added 2018/06/04 8:29 p.m.17 views

CVE-2018-3853

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can trigger a previously freed object in memory to be reused resulting in arbitrary code execution. An attacker needs to trick the us...

8.8CVSS8.8AI score0.03356EPSS
Exploits2References3
OSV
OSV
added 2018/06/04 8:29 p.m.2 views

CVE-2018-3853

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can trigger a previously freed object in memory to be reused resulting in arbitrary code execution. An attacker needs to trick the us...

8.8CVSS5.8AI score0.03356EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2018/06/04 12:0 a.m.4 views

PT-2018-16247 · Foxit · Foxit Pdf Reader

Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader version 9.0.1.1049 Description: A use-after-free issue in the JavaScript engine of Foxit PDF Reader can be exploited by opening a specially crafted PDF document, potentially leading to arbitrary code execution. An attacker mu...

8.8CVSS8.7AI score0.03356EPSS
Exploits2References4
Rows per page
Query Builder