CVE-2020-13557

A use after free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the...

CVE-2020-13557

CVE-2020-13557 is a use-after-free in Foxit PDF Reader’s JavaScript engine (Foxit Reader 10.1.0.37527). A crafted PDF can trigger reuse of freed memory, enabling arbitrary code execution. User interaction is required (opening the malicious file); if the browser plugin is enabled, visiting a malic...

Denial of Service Vulnerability in Foxit Reader (CNVD-2020-75689)

Foxit Reader is a PDF document reader. Foxit Reader has a denial of service vulnerability that can be exploited by attackers to cause denial of service attacks...

Vulnerability Spotlight: Multiple vulnerabilities in Foxit PDF Reader JavaScript engine

Aleksandar Nikolic of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.Executive summary Cisco Talos recently discovered multiple vulnerabilities in Foxit PDF Reader’s JavaScript engine. Foxit PDF Reader is a commonly used PDF reader that contains many features, including the...

Foxit Reader Javascript Field fileSelect Use After Free Vulnerability

Summary A use after free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open t...

Foxit Reader JavaScript choice field format event use-after-free vulnerability

Summary A use after free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open t...

Foxit Reader JavaScript choice field use-after-free vulnerability

Summary A use after free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open t...

Aurora PDF Reader has a dll hijacking vulnerability (NVD-C-2020-294256)

Aurora PDF Reader is a PDF file viewing software. Aurora PDF Reader has a dll hijacking vulnerability that can be exploited by attackers to load malicious dlls and execute malicious code...

Windows 10, iOS, Chrome, Firefox and Others Hacked at Tianfu Cup Competition

Multiple software products from Adobe, Apple, Google, Microsoft, Mozilla, and Samsung were successfully pwned with previously unseen exploits in Tianfu Cup 2020, the third edition of the international cybersecurity contest held in the city of Chengdu, China. "Many mature and hard targets have bee...

Vulnerability Spotlight: Multiple JavaScript vulnerabilities in Adobe Acrobat Reader

Aleksandar Nikolic of Cisco Talos discovered these vulnerabilities. Blog by Joe Marshall Cisco Talos recently discovered an heap buffer overflow and a use after free vulnerability in Adobe Acrobat Reader. Adobe Acrobat Reader is one of the most popular and feature-rich PDF readers on the market. ...

Command Execution Vulnerability in Aurora PDF Reader pc Client Software

Aurora PDF Reader is a reading conversion tool. Aurora PDF Reader pc client software has a command execution vulnerability that can be exploited by an attacker to gain control of the server...

Command Execution Vulnerability in PDF Reader on Cloud

Cloud PDF Reader is a PDF reading and editing software. A command execution vulnerability exists in PDF Reader on Cloud, which can be exploited by an attacker to gain control of the server...

Command Execution Vulnerability in PDF Master pc Client Software

XunRead PDF is a PDF reader with extremely fast startup speed and low memory consumption. A command execution vulnerability exists in the XunRead PDF Master pc client software, which can be exploited by an attacker to gain control of the server...

Threat Source newsletter for Sept. 17, 2020

Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We’ve got a couple of vulnerabilities you should know about. Monday, we disclosed a bug in Google Chrome’s PDFium feature that opens the door for an adversary to execute remote code. Our researchers also discovered several...

CVE-2020-1568

A remote code execution vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the...

Remote code execution

A remote code execution vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the...

Microsoft Reveals New Innocent Ways Windows Users Can Get Hacked

Microsoft earlier today released its August 2020 batch of software security updates for all supported versions of its Windows operating systems and other products. This month's Patch Tuesday updates address a total of 120 newly discovered software vulnerabilities, of which 17 are critical, and th...

Adobe Acrobat/Reader Out-of-Bounds Read Vulnerability (CNVD-2020-46035)

Adobe Reader also known as Acrobat Reader is a PDF file reader developed by Adobe.Adobe Acrobat is a PDF editing software developed by Adobe. Adobe Acrobat/Reader has an out-of-bounds read vulnerability that can be exploited by attackers to obtain information...

Microsoft Edge PDF Reader Remote Code Execution Vulnerability (CNVD-2020-61586)

Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. A remote code execution vulnerability exists in Microsoft Edge PDF Reader, which stems from the program failing to properly handle objects in memory. An attacker can exploit the...

Adobe Acrobat/Reader Security Feature Bypass Vulnerability (CNVD-2020-46046)

Adobe Reader also known as Acrobat Reader is a PDF file reader developed by Adobe.Adobe Acrobat is a PDF editing software developed by Adobe. Adobe Acrobat/Reader has a security feature bypass vulnerability that can be exploited by attackers to bypass security features...