1982 matches found
Foxit Reader and PhantonPDF XFA gotoURL Command Injection (CVE-2017-10953; CVE-2019-8160)
A command injection vulnerability exists in the XFA component of Foxit Reader and PhantomPDF. This vulnerability is due to improper handling of user-supplied string for the gotoURL function call. A remote attacker could exploit this vulnerability by enticing a victim user to visit a malicious web...
Code injection
Foxit Reader 8.3.2.25013 and earlier and Foxit PhantomPDF 8.3.2.25013 and earlier, when running in single instance mode, allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address controls Code Flow starting at...
CVE-2017-14694
Foxit Reader 8.3.2.25013 and earlier and Foxit PhantomPDF 8.3.2.25013 and earlier, when running in single instance mode, allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address controls Code Flow starting at...
CVE-2017-14694
CVE-2017-14694 affects Foxit Reader 8.3.2.25013 and earlier and Foxit PhantomPDF 8.3.2.25013 and earlier when running in single instance mode. The vulnerability allows arbitrary code execution or denial of service via a crafted PDF, due to a fault in Data from Faulting Address that controls code ...
CVE-2017-14694
Foxit Reader 8.3.2.25013 and earlier and Foxit PhantomPDF 8.3.2.25013 and earlier, when running in single instance mode, allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address controls Code Flow starting at...
Foxit PhantomPDF < 8.3.2 Multiple Vulnerabilities
According to its version, the Foxit PhantomPDF application formally known as Phantom installed on the remote Windows host is prior to 8.3.2. It is, therefore, affected by multiple vulnerabilities: - A flaw exists in the app.launchURL method allowing a context-dependent attacker to potentially...
Foxit to Fix PDF Reader Zero Days by Friday
In an about-face, Foxit Software says it will fix a pair of zero days in its PDF reader Foxit Reader and PhantomPDF, its PDF editing software. Foxit said it would push a patch for Reader and PhantomPDF, bringing the software to version 8.3.2, later this week—by Friday at the latest. The fixes com...
Foxit PhantomPDF < 7.3.15 Multiple Vulnerabilities
According to its version, the Foxit PhantomPDF application formally known as Phantom installed on the remote Windows host is prior to 7.3.15. It is, therefore, affected by multiple vulnerabilities : - An unspecified NULL pointer dereference flaw allows an unauthenticated, remote attacker to cause...
KLA11093 Arbitrary code execution vulnerabilities in Foxit Reader
Multiple serious vulnerabilities have been found in Foxit Reader and Foxit PhantomPDF. Malicious users can exploit these vulnerabilities to execute arbitrary code. Below is a complete list of vulnerabilities: 1. An improper validation of user-supplied data in the saveAs Java script function can b...
Foxit PhantomPDF < 8.3.1 Multiple Vulnerabilities
According to its version, the Foxit PhantomPDF application formally known as Phantom installed on the remote Windows host is prior to 8.3.1. It is, therefore, affected by multiple vulnerabilities : - A use-after-free error exists in the AFParseDateEx function. An unauthenticated, remote attacker...
Foxit Reader and PhantomPDF Arbitrary Write Remote Code Execution Vulnerability
Foxit Reader is a PDF document reader from China's Foxit Software Corporation.Foxit PhantomPDF is a commercial version. A security vulnerability exists in Foxit Reader versions prior to 8.3.1 and PhantomPDF versions prior to 8.3.1. A remote attacker can exploit the vulnerability to execute...
Foxit PhantomPDF Arbitrary Write RCE Vulnerability - Windows
Foxit PhantomPDF is prone to an arbitrary write vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Code injection
Foxit Reader before 8.3.1 and PhantomPDF before 8.3.1 have an Arbitrary Write vulnerability, which allows remote attackers to execute arbitrary code via a crafted document...
CVE-2017-10994
Foxit Reader before 8.3.1 and PhantomPDF before 8.3.1 have an Arbitrary Write vulnerability, which allows remote attackers to execute arbitrary code via a crafted document...
CVE-2017-10994
Foxit Reader before 8.3.1 and PhantomPDF before 8.3.1 have an Arbitrary Write vulnerability, which allows remote attackers to execute arbitrary code via a crafted document...
CVE-2017-10994
Foxit CVE-2017-10994 affects Foxit Reader before 8.3.1 and Foxit PhantomPDF before 8.3.1. The vulnerability is described as an Arbitrary Write flaw that allows a remote attacker to execute arbitrary code via a crafted PDF document. Multiple connected advisories corroborate that the issue is a rem...
Foxit Reader Arbitrary Code Execution Vulnerability (CNVD-2017-06802)
Foxit Reader old name: Foxit PDF Reader, is a set of software used to read PDF format files, developed by Foxit Software Fujian Foxit Phantom is a professional PDF electronic document suite for businesses, running fast, easy to use and affordable. An arbitrary code execution vulnerability exists ...
Foxit Reader Information Disclosure Vulnerability
Foxit Reader old name: Foxit PDF Reader, is a set of software used to read PDF format files, developed by Foxit Software Fujian Foxit Phantom is a professional PDF electronic document suite for businesses, running fast, easy to use and affordable. An information disclosure vulnerability exists in...
Foxit Reader Remote Code Execution Vulnerability
Foxit Reader old name: Foxit PDF Reader, is a set of software used to read PDF format files, developed by Foxit Software Fujian Foxit Phantom is a professional PDF electronic document suite for businesses, running fast, easy to use and affordable. A remote code execution vulnerability exists in...
Out-of-bounds
Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in a PDF document...