Lucene search
Steven Seeley (mr_me) of Offensive SecurityZDI-17-458HistoryJul 07, 2017 - 12:00 a.m.
Foxit Reader App alert Use-After-Free Remote Code Execution Vulnerability
2017-07-0700:00:00
Steven Seeley (mr_me) of Offensive Security
www.zerodayinitiative.com
7
0.028 Low
EPSS
Percentile
90.8%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the app.alert function. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process.
Related
nvd
nvd
CVE-2017-10945
2017-10-31 19:29:00
prion
prion
Design/Logic Flaw
2017-10-31 19:29:00
cvelist
cvelist
CVE-2017-10945
2017-10-31 19:00:00
cve
cve
CVE-2017-10945
2017-10-31 19:29:00
openvas
openvas
Foxit Reader Multiple Vulnerabilities (Nov 2017) - Windows
2017-11-10 00:00:00
kaspersky
kaspersky
KLA11065 Multiple vulnerabilities in Foxit Reader
2017-07-04 00:00:00
nessus
nessus
Foxit Reader < 8.3.1 Multiple Vulnerabilities
2017-07-13 00:00:00
Foxit PhantomPDF < 8.3.1 Multiple Vulnerabilities
2017-07-13 00:00:00