Design/Logic Flaw
This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PhantomPDF 10.0.0.35798. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...
Stack overflow
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Design/Logic Flaw
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2020-17415
CVE-2020-17415 affects Foxit PhantomPDF (notably the Update Service) where incorrect permissions on a configuration/resource used by the update service allow a local, low-privilege attacker to escalate to SYSTEM and execute code. Affected versions include PhantomPDF 10.0.0.35798 (and related 10.0...
CVE-2020-17415
This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PhantomPDF 10.0.0.35798. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...
CVE-2020-17412
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2020-17413
Foxit PhantomPDF 10.0.0.35798 is affected by CVE-2020-17413 due to a stack-based buffer overflow when parsing U3D objects in PDFs. The root cause is improper validation of the length of user-supplied data before copying to a fixed-length stack buffer, enabling remote code execution with required ...
CVE-2020-17412
The CVE-2020-17412 entry concerns Foxit PhantomPDF 10.0.0.35798 with a vulnerability in the handling of U3D objects embedded in PDF files. The issue arises from inadequate validation of user-supplied data, leading to a write past the end of an allocated structure and potential remote code executi...
CVE-2020-17411
CVE-2020-17411 affects Foxit PhantomPDF 10.0.0.35798. The flaw is in handling of U3D objects embedded in PDF files, caused by inadequate validation of user-supplied data, leading to an information-disclosure/out-of-bounds condition (read past end of an allocated object). Exploitation requires use...
CVE-2020-17411
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
CVE-2020-17410
Foxit PhantomPDF 10.0.0.35798 and earlier is affected by a GIF file parsing use-after-free vulnerability. The bug stems from not validating the existence of an object before performing operations, enabling arbitrary code execution in the context of the current process. Exploitation requires user ...
CVE-2020-17410
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Foxit Reader and PhantomPDF Resource Management Error Vulnerability (CNVD-2020-65174)
Foxit Reader is a popular program for viewing PDF files. A resource management error vulnerability exists in Foxit Reader Field::ClearItems/Field::DeleteOptions. A remote attacker can exploit the vulnerability by submitting a special file request and tricking the user into parsing it, which could...
Foxit PhantomPDF < 10.1 Multiple Vulnerabilities
According to its version, the Foxit PhantomPDF application formerly known as Phantom installed on the remote Windows host is prior to 10.1. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not tested for this issue but has instead relied only on the application's...
CVE-2020-26537
An issue was discovered in Foxit Reader and PhantomPDF before 10.1. In a certain Shading calculation, the number of outputs is unequal to the number of color components in a color space. This causes an out-of-bounds write...
CVE-2020-26538
An issue was discovered in Foxit Reader and PhantomPDF before 10.1. It allows attackers to execute arbitrary code via a Trojan horse taskkill.exe in the current working directory...
CVE-2020-26534
An issue was discovered in Foxit Reader and PhantomPDF before 10.1. There is an Opt object use-after-free related to Field::ClearItems and Field::DeleteOptions, during AcroForm JavaScript execution...
CVE-2020-26540
An issue was discovered in Foxit Reader and PhantomPDF before 4.1 on macOS. Because the Hardened Runtime protection mechanism is not applied to code signing, code injection or an information leak can occur...
CVE-2020-26536
An issue was discovered in Foxit Reader and PhantomPDF before 10.1. There is a NULL pointer dereference via a crafted PDF document...