Foxit PDF Reader Pointer Overwrite UAF

Foxit PDF Reader v9.0.1.1049 has a Use-After-Free vulnerability in the Text Annotations component and the TypedArray's use uninitialized pointers. The vulnerabilities can be combined to leak a vtable memory address, which can be adjusted to point to the base address of the executable. A ROP chain...

Foxit PDF Reader JavaScript Engine Memory Misreference Vulnerability (CNVD-2018-15096)

Foxit PDF Reader is China's Foxit Foxit Software Corporation of a PDF document reader. JavaScript engine is one of the JavaScript scripting engine. A memory misreference vulnerability exists in the JavaScript engine in Foxit PDF Reader version 9.1.0.5096. An attacker could exploit this...

Design/Logic Flaw

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user...

Design/Logic Flaw

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the...

CVE-2018-3939

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user...

CVE-2018-3924

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the...

CVE-2018-3924

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the...

CVE-2018-3939

CVE-2018-3939 is a use-after-free vulnerability in Foxit Software’s PDF Reader (version 9.1.0.5096) JavaScript engine. A specially crafted PDF can trigger reuse of a previously freed memory object, enabling arbitrary code execution. Exploitation requires user interaction (opening the malicious PD...

CVE-2018-3924

CVE-2018-3924 describes a use-after-free vulnerability in Foxit PDF Reader’s JavaScript engine affecting Foxit PDF Reader version 9.1.5096 (and related Foxit offerings). The issue allows an attacker to trigger reuse of a previously freed memory object via a specially crafted PDF document, potenti...

CVE-2018-3939

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user...

Foxit Reader Type Obfuscation Remote Code Execution Vulnerability (CNVD-2018-14469)

Foxit Reader old name: Foxit PDF Reader is a set of software used to read PDF format files, by Fujian Foxit Software developed by Foxit Reader is a set of free to use the software, the operating system is mainly based on Microsoft Windows, and as long as there is a Win32 implementation of the...

Foxit Reader Memory Error Reference Remote Code Execution Vulnerability (CNVD-2018-14458)

Foxit Reader old name: Foxit PDF Reader is a set of software used to read PDF format files, by Fujian Foxit Software developed by Foxit Reader is a set of free to use the software, the operating system is mainly based on Microsoft Windows, and as long as there is a Win32 implementation of the...

Foxit Reader Memory Misreference Vulnerability (CNVD-2018-14448)

Foxit Reader is China's Foxit Foxit Software Corporation, a PDF document reader. A memory misreference vulnerability exists in the handling of the 'exportAsFDF' function in Foxit Reader, where the program fails to verify the existence of an object before performing an operation on it. The...

Vulnerability Spotlight: Foxit PDF Reader JavaScript Remote Code Execution Vulns

Overview Discovered by Aleksandar Nikolic of Cisco Talos. Talos is disclosing a pair of vulnerabilities in Foxit PDF Reader. Foxit PDF Reader is a popular free program for viewing, creating, and editing PDF documents. It is commonly used as an alternative to Adobe Acrobat Reader and has a widely...

Foxit PDF Reader Javascript MailForm Remote Code Execution Vulnerability

Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader version 9.1.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to tri...

Foxit PDF Reader Javascript createTemplate nPage Remote Code Execution Vulnerability

Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick...

Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability (CNVD-2018-13532)

Adobe Acrobat is a PDF editing software developed by Adobe.Adobe Reader also known as Acrobat Reader is a PDF file reader developed by Adobe. Adobe Acrobat and Reader have an out-of-bounds read vulnerability. An attacker can exploit this vulnerability to obtain information...

Adobe Acrobat and Reader Buffer Overflow Vulnerability (CNVD-2018-13403)

Adobe Acrobat is a PDF editing software developed by Adobe.Adobe Reader also known as Acrobat Reader is a PDF file reader developed by Adobe. Adobe Acrobat and Reader have a buffer overflow vulnerability. An attacker can exploit this vulnerability to execute arbitrary code...

CVE-2018-3853

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can trigger a previously freed object in memory to be reused resulting in arbitrary code execution. An attacker needs to trick the us...

CVE-2018-3853

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can trigger a previously freed object in memory to be reused resulting in arbitrary code execution. An attacker needs to trick the us...