610 matches found
CVE-2018-3943
Foxit Reader/PhantomPDF CVE-2018-3943 is a use-after-free in Foxit’s PDF Reader JavaScript engine (Foxit Reader 9.1.0.5096). A crafted PDF can reuse a freed object, allowing arbitrary code execution. Exploitation requires user action (opening the malicious file); if a browser plugin extension is ...
CVE-2018-3961
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the Creator property of the this.info object. An attacker needs to trick the user to open the malicious file to trigger this...
CVE-2018-3944
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user...
CVE-2018-3962
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the CreationDate property of the this.info object. An attacker needs to trick the user to open the malicious file to trigger...
CVE-2018-3958
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the Subject property of the this.info object. An attacker needs to trick the user to open the malicious file to trigger this...
CVE-2018-3960
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the Producer property of the this.info object. An attacker needs to trick the user to open the malicious file to trigger this...
CVE-2018-3958
CVE-2018-3958 is a use-after-free vulnerability in Foxit PDF Reader’s JavaScript engine (Foxit PDF Reader, version 9.1.0.5096). The defect occurs when accessing the Subject property of the this.info object. Exploitation requires user interaction: convincing a user to open a malicious PDF file, or...
PT-2018-16344 · Foxit · Foxit Pdf Reader
Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader version 9.1.0.5096 Description: A use-after-free issue exists in the JavaScript engine. This can occur when accessing the Creator property of the this.info object. An attacker can trigger this issue by tricking a user into...
PT-2018-16345 · Foxit · Foxit Pdf Reader
Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader version 9.1.0.5096 Description: A use-after-free issue exists in the JavaScript engine. This can occur when accessing the CreationDate property of the this.info object. An attacker can exploit this by tricking a user into...
Foxit PDF Reader JavaScript page change remote code execution vulnerability
Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to...
Foxit PDF Reader Javascript JSON.Stringify this.info Remote Code Execution Vulnerability
Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to...
Foxit PDF Reader Javascript Optional Content Group Remote Code Execution Vulnerability
Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to...
Foxit PDF Reader JavaScript getNthFieldName remote code execution vulnerability
Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to...
Foxit PDF Reader JavaScript Field object signatureInfo remote code execution vulnerability
Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick...
Foxit PDF Reader JavaScript getPageBox remote code execution vulnerability
Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick...
Foxit PDF Reader Javascript removeDataObject Remote Code Execution Vulnerability
Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick...
PT-2018-16335 · Foxit · Foxit Pdf Reader
Name of the Vulnerable Software and Affected Versions: Foxit Software's PDF Reader version 9.1.0.5096 Description: A use-after-free issue in the JavaScript engine allows for arbitrary code execution when a specially crafted PDF document is opened, causing a previously freed object in memory to be...
KB4457146: Security update for Adobe Flash Player (September 2018)
The remote Windows host is missing security update KB4457146. It is, therefore, affected by an information disclosure vulnerability in Adobe Flash Player. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid117419; scriptversion"1.8"; scriptcvsdate"Date: 2019/11/01";...
Adobe Flash Player <= 30.0.0.154 (APSB18-31)
The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 30.0.0.154. It is therefore affected by an information disclosure vulnerability. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...
Tor Browser Zero-Day Exploit Revealed Online – Patch Now
Zerodium, the infamous exploit vendor that earlier this year offered $1 million for submitting a zero-day exploit for Tor Browser, today publicly revealed a critical zero-day flaw in the anonymous browsing software that could reveal your identity to the sites you visit. In a Tweet, Zerodium share...