The vulnerability of the ChakraCore JavaScript script handler and the Microsoft Edge browser arises from an operation that goes beyond the buffer boundaries in memory, allowing an attacker to execute arbitrary code.

The vulnerability of the ChakraCore JavaScript script handler and the Microsoft Edge browser is caused by an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using specially crafted web page content...

CVE-2018-3842

An exploitable use of an uninitialized pointer vulnerability exists in the JavaScript engine in Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can lead to a dereference of an uninitialized pointer which, if under attacker control, can result in arbitrary code execution. An...

CVE-2018-3842

An exploitable use of an uninitialized pointer vulnerability exists in the JavaScript engine in Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can lead to a dereference of an uninitialized pointer which, if under attacker control, can result in arbitrary code execution. An...

Design/Logic Flaw

An exploitable use of an uninitialized pointer vulnerability exists in the JavaScript engine in Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can lead to a dereference of an uninitialized pointer which, if under attacker control, can result in arbitrary code execution. An...

CVE-2018-3842

An exploitable use of an uninitialized pointer vulnerability exists in the JavaScript engine in Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can lead to a dereference of an uninitialized pointer which, if under attacker control, can result in arbitrary code execution. An...

Vulnerability Spotlight: Multiple Issues in Foxit PDF Reader

Overview Talos is disclosing five vulnerabilities in Foxit PDF Reader. Foxit PDF Reader is a popular free program for viewing, creating, and editing PDF documents. It is commonly used as an alternative to Adobe Acrobat Reader and has a widely used browser plugin available. Update to the current...

PT-2018-16236 · Foxit · Foxit Pdf Reader

Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader version 9.0.1.1049 Description: The issue is related to an uninitialized pointer in the JavaScript engine. A specially crafted PDF document can cause a dereference of this pointer, potentially leading to arbitrary code...

Google Chrome V8 Integer Overflow Vulnerability

Google Chrome is the United States Google Google company developed a Web browser. v8 is one of the open source JavaScript engine. An integer overflow vulnerability exists in V8 in versions prior to Google Chrome 65.0.3325.146. A remote attacker could exploit this vulnerability by tricking a user...

Google Chrome V8 Competitive Conditions Vulnerability

Google Chrome is the United States Google Google company developed a Web browser. v8 is one of the open source JavaScript engine. A competitive condition vulnerability exists in V8 in versions prior to Google Chrome 65.0.3325.146. A remote attacker could exploit this vulnerability by tricking a...

The vulnerability of the JavaScript script handler ChakraCore in the Microsoft Edge browser, caused by an operation that goes beyond the buffer in memory, allows attackers to execute arbitrary code.

The vulnerability of the JavaScript script handler ChakraCore in the Microsoft Edge browser is caused by an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

The vulnerability of Microsoft Edge browser and the ChakraCore JavaScript engine handler involves improper handling of objects in memory, allowing an attacker to trigger memory corruption and execute arbitrary code.

The vulnerability of Microsoft Edge browser and the JavaScript script handler ChakraCore is related to improper handling of objects in memory. Exploiting this vulnerability can allow a remote attacker to trigger memory corruption and execute arbitrary code using a specially crafted web page...

CVE-2018-5145

Memory safety bugs were reported in Firefox ESR 52.6. These bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR 52.7 and Thunderbird 52.7...

Google Chrome Caching Bug Type Confusion

A type confusion vulnerability exists in Google Chrome. The vulnerability is due to improper handling of objects in memory by the JavaScript engine while compiling code. A remote attacker could exploit this vulnerability by enticing a user to open a malicious web page...

CVE-2018-4910

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a heap overflow vulnerability in the JavaScript engine. The vulnerability is triggered by a PDF file...

CVE-2018-4910

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a heap overflow vulnerability in the JavaScript engine. The vulnerability is triggered by a PDF file...

Heap overflow

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a heap overflow vulnerability in the JavaScript engine. The vulnerability is triggered by a PDF file...

CVE-2018-4910

CVE-2018-4910 affects Adobe Acrobat Reader versions 2018.009.20050 and earlier, 2017.011.30070 and earlier, and 2015.006.30394 and earlier. It is a heap overflow in the JavaScript engine triggered by a crafted PDF using JavaScript that manipulates the Optional Content Group (OCG). Successful expl...

V8: integer overflow leading to buffer overflow in Zone::New

An integer-overflow flaw was found in V8's Zone class when allocating new memory Zone::New and Zone::NewExpand. An attacker with the ability to manipulate a large zone could crash the application or, potentially, execute arbitrary code with the application privileges...

Google Chrome < 64.0.3282.167 Vulnerability

The version of Google Chrome installed on the remote macOS host is prior to 64.0.3282.167. It is, therefore, affected by a vulnerability as referenced in the 201802stable-channel-update-for-desktop13 advisory. - Type confusion could lead to a heap out-of-bounds write in V8 in Google Chrome prior ...

Google Chrome < 64.0.3282.167 Vulnerability

The version of Google Chrome installed on the remote Windows host is prior to 64.0.3282.167. It is, therefore, affected by a vulnerability as referenced in the 201802stable-channel-update-for-desktop13 advisory. - Type confusion could lead to a heap out-of-bounds write in V8 in Google Chrome prio...