Microsoft Edge Information Disclosure Vulnerability (CNVD-2018-07984)

Microsoft Windows 10 and Windows Server 2016 are both products of Microsoft Corporation.Microsoft Windows 10 is a set of operating systems for personal computers.Windows Server 2016 is a set of server operating systems.Edge is one of the a default browser that comes with the system. An informatio...

UBUNTU-CVE-2018-8102

The JBIG2MMRDecoder::getBlackCode function in JBIG2Stream.cc in xpdf 4.00 allows attackers to launch denial of service buffer over-read and application crash via a specific pdf file, as demonstrated by pdftohtml...

Denial Of Service (DoS)

MuPDF is vulnerable to denial of service DoS attacks. A malicious user can pass a pdf file to the application to cause a segmentation fault through the pdfreadnewxref method in the pdf/pdf-xref.c file, causing the application to crash...

Microsoft Edge Information Disclosure Vulnerability (CNVD-2018-00533)

Microsoft Windows 10 and Windows Server 2016 are both products of Microsoft Corporation USA. The former is an operating system for personal computers and the latter is a server operating system.Edge is one of the web browsers that comes with the system. An information disclosure vulnerability...

Information disclosure

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how the Microsoft Edge PDF Reader handles objects in memory, aka "Microsoft Edge Information Disclosure...

Microsoft Windows Multiple Vulnerabilities (KB4056888)

This host is missing a critical security update according to Microsoft KB4056888 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Microsoft Windows Multiple Vulnerabilities (KB4056890)

This host is missing a critical security update according to Microsoft KB4056890 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Microsoft Windows Multiple Vulnerabilities (KB4056893)

This host is missing a critical security update according to Microsoft KB4056893 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

KB4056890: Windows 10 Version 1607 and Windows Server 2016 January 2018 Security Update (Meltdown)(Spectre)

The remote Windows host is missing security update 4056890 or 4057142. It is, therefore, affected by multiple vulnerabilities : - An vulnerability exists within microprocessors utilizing speculative execution and indirect branch prediction, which may allow an attacker with local user access to...

Foxit PDF Reader Javascript File Write Remote Code Execution

A File Write Remote Code Execution vulnerability exists in the Foxit Reader. This vulnerability is due to The createDataObject Javascript API function allows for writing arbitrary files to the file system. A remote attacker could exploit this vulnerability by enticing a victim user to open a...

Foxit PDF Reader JBIG2 Parser Information Disclosure Vulnerability(CVE-2016-8334)

Summary A large out of bounds read on the heap vulnerability in Foxit PDF Reader can potentially be abused for information disclosure. Combined with another vulnerability, it can be used to leak heap memory layout and in bypassing ASLR. Tested Versions Foxit Software Foxit Reader 8.0.2.805 Produc...

Memory Corruption Vulnerability in Pleasant Book PDF Reader

Yue Book PDF Reader is an e-book reader developed by Shenzhen Ivy Software Technology Co. YueShu PDF Reader suffers from a memory corruption vulnerability when processing PDF files. An attacker can cause the program to crash by constructing some malformed PDF files...

PDF-XChange Viewer 2.5 (Build 314.0) Code Execution

Exploit Title: PDF-XChange Viewer 2.5 Build 314.0 Javascript API Remote Code Execution Exploit Powershell PDF Exploit Creation Date: 21-08-2017 Software Link 32bit: http://pdf-xchange-viewer.it.uptodown.com/windows Exploit Author: Daniele Votta Contact: [email protected] Website:...

Foxit to Fix PDF Reader Zero Days by Friday

In an about-face, Foxit Software says it will fix a pair of zero days in its PDF reader Foxit Reader and PhantomPDF, its PDF editing software. Foxit said it would push a patch for Reader and PhantomPDF, bringing the software to version 8.3.2, later this week—by Friday at the latest. The fixes com...

PDF-XChange Viewer 2.5 Build 314.0 - Code Execution

PDF-XChange Viewer 2.5 Build 314.0 - Code Execution Exploit Title: PDF-XChange Viewer 2.5 Build 314.0 Javascript API Remote Code Execution Exploit Powershell PDF Exploit Creation Date: 21-08-2017 Software Link 32bit: http://pdf-xchange-viewer.it.uptodown.com/windows Exploit Author: Daniele Votta...

PDF-XChange Viewer 2.5 Build 314.0 - Code Execution

Exploit Title: PDF-XChange Viewer 2.5 Build 314.0 Javascript API Remote Code Execution Exploit Powershell PDF Exploit Creation Date: 21-08-2017 Software Link 32bit: http://pdf-xchange-viewer.it.uptodown.com/windows Exploit Author: Daniele Votta Contact: [email protected] Website:...

Foxit PDF reader there 2 at high-risk vulnerabilities, the vendor has refused to fix? - Vulnerability warning-the black bar safety net

Use Foxit Foxit PDF reader's user to pay special attention to the security researchers which discovered two serious 0day vulnerability, such as not the reader is configured in the secure read mode open file, it would let the attacker on the target computer to execute arbitrary code. Foxit company...

Two Critical Zero-Day Flaws Disclosed in Foxit PDF Reader

Are you using Foxit PDF Reader? If yes, then you need to watch your back. Security researchers have discovered two critical zero-day security vulnerabilities in Foxit Reader software that could allow attackers to execute arbitrary code on a targeted computer, if not configured to open files in th...

Nitro Pro PDF Reader JavaScript API Remote Code Execution (CVE-2017-7442)

A Remote Code Execution Vulnerability exists in JavaScript API of Nitro and Nitro Pro PDF Reader. The vulnerability is due to the use of trusted function which provides certain privileges that allows overwriting objects. A remote attacker can exploit this vulnerability by enticing the user to ope...

Critical Security Fixes from Adobe, Microsoft

Adobe has released updates to fix dozens of vulnerabilities in its Acrobat, Reader and Flash Player software. Separately, Microsoft today issued patches to plug 48 security holes in Windows and other Microsoft products. If you use Windows or Adobe products, it's time once again to get your patche...