Description
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability: the target must visit a malicious page or open a malicious file. The specific flaw exists within the getPageNthWord method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. The issue is tracked as CVE-2018-14258 (CWE-704); the related vendor and scanner records below list Foxit Reader and Foxit PhantomPDF versions earlier than 9.2.0.9097 as affected and give upgrading to version 9.2 or later as the fix.
Related
{"id": "ZDI-18-718", "vendorId": null, "type": "zdi", "bulletinFamily": "info", "title": "Foxit Reader getPageNthWord Type Confusion Remote Code Execution Vulnerability", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getPageNthWord method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process.", "published": "2018-07-19T00:00:00", "modified": "2018-07-19T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9}, "href": "https://www.zerodayinitiative.com/advisories/ZDI-18-718/", "reporter": "nsfocus security team.", "references": ["https://www.foxitsoftware.com/support/security-bulletins.php"], "cvelist": ["CVE-2018-14258"], "immutableFields": [], "lastseen": "2022-02-10T00:00:00", 
"viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-14258"]}, {"type": "kaspersky", "idList": ["KLA11314"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310813263"]}]}, "score": {"value": 2.4, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2018-14258"]}, {"type": "kaspersky", "idList": ["KLA11314"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310813263"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2018-14258", "epss": "0.005690000", "percentile": "0.744960000", "modified": "2023-03-15"}], "vulnersScore": 2.4}, "_state": {"dependencies": 1647589307, "score": 1659743467, "epss": 1678948994}}
{"cve": [{"lastseen": "2023-02-09T14:10:29", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getPageNthWord method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6021.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-07-31T20:29:00", "type": "cve", "title": "CVE-2018-14258", "cwe": ["CWE-704"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-14258"], "modified": "2019-10-09T23:34:00", "cpe": ["cpe:/a:foxitsoftware:phantompdf:9.1.0.5096", "cpe:/a:foxitsoftware:foxit_reader:9.1.0.5096"], "id": "CVE-2018-14258", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14258", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": 
["cpe:2.3:a:foxitsoftware:foxit_reader:9.1.0.5096:*:*:*:*:*:*:*", "cpe:2.3:a:foxitsoftware:phantompdf:9.1.0.5096:*:*:*:*:*:*:*"]}], "kaspersky": [{"lastseen": "2023-02-08T16:01:37", "description": "### *Detect date*:\n07/19/2018\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities were found in Foxit Reader. Malicious users can exploit these vulnerabilities to execute arbitrary code and obtain sensitive information.\n\n### *Affected products*:\nFoxit Reader earlier than 9.2.0.9097 \nFoxit PhantomPDF earlier than 9.2.0.9097\n\n### *Solution*:\nUpdate to the latest version \n[Download Foxit Reader](<https://www.foxitsoftware.com/downloads/#Foxit-Reader>) \n[Download Foxit PhantomPDF](<https://www.foxitsoftware.com/downloads/#Foxit-PhantomPDF-Business>)\n\n### *Original advisories*:\n[Security updates available in Foxit Reader 9.2 and Foxit PhantomPDF 9.2](<https://www.foxitsoftware.com/support/security-bulletins.php>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Foxit Reader](<https://threats.kaspersky.com/en/product/Foxit-Reader/>)\n\n### *CVE-IDS*:\n[CVE-2018-11617](<https://vulners.com/cve/CVE-2018-11617>)6.8High \n[CVE-2018-11618](<https://vulners.com/cve/CVE-2018-11618>)6.8High \n[CVE-2018-11619](<https://vulners.com/cve/CVE-2018-11619>)6.8High \n[CVE-2018-11620](<https://vulners.com/cve/CVE-2018-11620>)4.3Warning \n[CVE-2018-11621](<https://vulners.com/cve/CVE-2018-11621>)4.3Warning \n[CVE-2018-11622](<https://vulners.com/cve/CVE-2018-11622>)6.8High \n[CVE-2018-11623](<https://vulners.com/cve/CVE-2018-11623>)6.8High \n[CVE-2018-14241](<https://vulners.com/cve/CVE-2018-14241>)6.8High \n[CVE-2018-14242](<https://vulners.com/cve/CVE-2018-14242>)6.8High \n[CVE-2018-14243](<https://vulners.com/cve/CVE-2018-14243>)6.8High \n[CVE-2018-14244](<https://vulners.com/cve/CVE-2018-14244>)6.8High \n[CVE-2018-14245](<https://vulners.com/cve/CVE-2018-14245>)6.8High \n[CVE-2018-14246](<https://vulners.com/cve/CVE-2018-14246>)6.8High 
\n[CVE-2018-14247](<https://vulners.com/cve/CVE-2018-14247>)6.8High \n[CVE-2018-14248](<https://vulners.com/cve/CVE-2018-14248>)6.8High \n[CVE-2018-14249](<https://vulners.com/cve/CVE-2018-14249>)6.8High \n[CVE-2018-14250](<https://vulners.com/cve/CVE-2018-14250>)6.8High \n[CVE-2018-14251](<https://vulners.com/cve/CVE-2018-14251>)6.8High \n[CVE-2018-14252](<https://vulners.com/cve/CVE-2018-14252>)6.8High \n[CVE-2018-14253](<https://vulners.com/cve/CVE-2018-14253>)6.8High \n[CVE-2018-14254](<https://vulners.com/cve/CVE-2018-14254>)6.8High \n[CVE-2018-14255](<https://vulners.com/cve/CVE-2018-14255>)6.8High \n[CVE-2018-14256](<https://vulners.com/cve/CVE-2018-14256>)6.8High \n[CVE-2018-14257](<https://vulners.com/cve/CVE-2018-14257>)6.8High \n[CVE-2018-14258](<https://vulners.com/cve/CVE-2018-14258>)6.8High \n[CVE-2018-14259](<https://vulners.com/cve/CVE-2018-14259>)6.8High \n[CVE-2018-14260](<https://vulners.com/cve/CVE-2018-14260>)6.8High \n[CVE-2018-14261](<https://vulners.com/cve/CVE-2018-14261>)6.8High \n[CVE-2018-14262](<https://vulners.com/cve/CVE-2018-14262>)6.8High \n[CVE-2018-14263](<https://vulners.com/cve/CVE-2018-14263>)6.8High \n[CVE-2018-14264](<https://vulners.com/cve/CVE-2018-14264>)6.8High \n[CVE-2018-14265](<https://vulners.com/cve/CVE-2018-14265>)6.8High \n[CVE-2018-14266](<https://vulners.com/cve/CVE-2018-14266>)6.8High \n[CVE-2018-14267](<https://vulners.com/cve/CVE-2018-14267>)6.8High \n[CVE-2018-14268](<https://vulners.com/cve/CVE-2018-14268>)6.8High \n[CVE-2018-14269](<https://vulners.com/cve/CVE-2018-14269>)6.8High \n[CVE-2018-14270](<https://vulners.com/cve/CVE-2018-14270>)6.8High \n[CVE-2018-14271](<https://vulners.com/cve/CVE-2018-14271>)6.8High \n[CVE-2018-14272](<https://vulners.com/cve/CVE-2018-14272>)6.8High \n[CVE-2018-14273](<https://vulners.com/cve/CVE-2018-14273>)6.8High \n[CVE-2018-14274](<https://vulners.com/cve/CVE-2018-14274>)6.8High \n[CVE-2018-14275](<https://vulners.com/cve/CVE-2018-14275>)6.8High 
\n[CVE-2018-14276](<https://vulners.com/cve/CVE-2018-14276>)6.8High \n[CVE-2018-14277](<https://vulners.com/cve/CVE-2018-14277>)6.8High \n[CVE-2018-14278](<https://vulners.com/cve/CVE-2018-14278>)6.8High \n[CVE-2018-14279](<https://vulners.com/cve/CVE-2018-14279>)6.8High \n[CVE-2018-14280](<https://vulners.com/cve/CVE-2018-14280>)6.8High \n[CVE-2018-14281](<https://vulners.com/cve/CVE-2018-14281>)6.8High \n[CVE-2018-14282](<https://vulners.com/cve/CVE-2018-14282>)6.8High \n[CVE-2018-14283](<https://vulners.com/cve/CVE-2018-14283>)6.8High \n[CVE-2018-14284](<https://vulners.com/cve/CVE-2018-14284>)6.8High \n[CVE-2018-14285](<https://vulners.com/cve/CVE-2018-14285>)6.8High \n[CVE-2018-14286](<https://vulners.com/cve/CVE-2018-14286>)6.8High \n[CVE-2018-14287](<https://vulners.com/cve/CVE-2018-14287>)6.8High \n[CVE-2018-14288](<https://vulners.com/cve/CVE-2018-14288>)6.8High \n[CVE-2018-14289](<https://vulners.com/cve/CVE-2018-14289>)4.3Warning \n[CVE-2018-14290](<https://vulners.com/cve/CVE-2018-14290>)6.8High \n[CVE-2018-14291](<https://vulners.com/cve/CVE-2018-14291>)6.8High \n[CVE-2018-14292](<https://vulners.com/cve/CVE-2018-14292>)6.8High \n[CVE-2018-14293](<https://vulners.com/cve/CVE-2018-14293>)6.8High \n[CVE-2018-14294](<https://vulners.com/cve/CVE-2018-14294>)6.8High \n[CVE-2018-14295](<https://vulners.com/cve/CVE-2018-14295>)6.8High \n[CVE-2018-14296](<https://vulners.com/cve/CVE-2018-14296>)6.8High \n[CVE-2018-14297](<https://vulners.com/cve/CVE-2018-14297>)6.8High \n[CVE-2018-14298](<https://vulners.com/cve/CVE-2018-14298>)6.8High \n[CVE-2018-14299](<https://vulners.com/cve/CVE-2018-14299>)6.8High \n[CVE-2018-14300](<https://vulners.com/cve/CVE-2018-14300>)6.8High \n[CVE-2018-14301](<https://vulners.com/cve/CVE-2018-14301>)6.8High \n[CVE-2018-14302](<https://vulners.com/cve/CVE-2018-14302>)6.8High \n[CVE-2018-14303](<https://vulners.com/cve/CVE-2018-14303>)6.8High \n[CVE-2018-14304](<https://vulners.com/cve/CVE-2018-14304>)6.8High 
\n[CVE-2018-14305](<https://vulners.com/cve/CVE-2018-14305>)6.8High \n[CVE-2018-14306](<https://vulners.com/cve/CVE-2018-14306>)6.8High \n[CVE-2018-14307](<https://vulners.com/cve/CVE-2018-14307>)6.8High \n[CVE-2018-14308](<https://vulners.com/cve/CVE-2018-14308>)6.8High \n[CVE-2018-14309](<https://vulners.com/cve/CVE-2018-14309>)6.8High \n[CVE-2018-14310](<https://vulners.com/cve/CVE-2018-14310>)6.8High \n[CVE-2018-14311](<https://vulners.com/cve/CVE-2018-14311>)6.8High \n[CVE-2018-14312](<https://vulners.com/cve/CVE-2018-14312>)6.8High \n[CVE-2018-14313](<https://vulners.com/cve/CVE-2018-14313>)6.8High \n[CVE-2018-14314](<https://vulners.com/cve/CVE-2018-14314>)6.8High \n[CVE-2018-14315](<https://vulners.com/cve/CVE-2018-14315>)6.8High \n[CVE-2018-14316](<https://vulners.com/cve/CVE-2018-14316>)4.3Warning \n[CVE-2018-14317](<https://vulners.com/cve/CVE-2018-14317>)6.8High \n[CVE-2018-3924](<https://vulners.com/cve/CVE-2018-3924>)6.8High \n[CVE-2018-3939](<https://vulners.com/cve/CVE-2018-3939>)6.8High", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-07-19T00:00:00", "type": "kaspersky", "title": "KLA11314 Multiple vulnerabilities in Foxit Reader", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", 
"authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11617", "CVE-2018-11618", "CVE-2018-11619", "CVE-2018-11620", "CVE-2018-11621", "CVE-2018-11622", "CVE-2018-11623", "CVE-2018-14241", "CVE-2018-14242", "CVE-2018-14243", "CVE-2018-14244", "CVE-2018-14245", "CVE-2018-14246", "CVE-2018-14247", "CVE-2018-14248", "CVE-2018-14249", "CVE-2018-14250", "CVE-2018-14251", "CVE-2018-14252", "CVE-2018-14253", "CVE-2018-14254", "CVE-2018-14255", "CVE-2018-14256", "CVE-2018-14257", "CVE-2018-14258", "CVE-2018-14259", "CVE-2018-14260", "CVE-2018-14261", "CVE-2018-14262", "CVE-2018-14263", "CVE-2018-14264", "CVE-2018-14265", "CVE-2018-14266", "CVE-2018-14267", "CVE-2018-14268", "CVE-2018-14269", "CVE-2018-14270", "CVE-2018-14271", "CVE-2018-14272", "CVE-2018-14273", "CVE-2018-14274", "CVE-2018-14275", "CVE-2018-14276", "CVE-2018-14277", "CVE-2018-14278", "CVE-2018-14279", "CVE-2018-14280", "CVE-2018-14281", "CVE-2018-14282", "CVE-2018-14283", "CVE-2018-14284", "CVE-2018-14285", "CVE-2018-14286", "CVE-2018-14287", "CVE-2018-14288", "CVE-2018-14289", "CVE-2018-14290", "CVE-2018-14291", "CVE-2018-14292", "CVE-2018-14293", "CVE-2018-14294", "CVE-2018-14295", "CVE-2018-14296", "CVE-2018-14297", "CVE-2018-14298", "CVE-2018-14299", "CVE-2018-14300", "CVE-2018-14301", "CVE-2018-14302", "CVE-2018-14303", "CVE-2018-14304", "CVE-2018-14305", "CVE-2018-14306", "CVE-2018-14307", "CVE-2018-14308", "CVE-2018-14309", "CVE-2018-14310", "CVE-2018-14311", "CVE-2018-14312", "CVE-2018-14313", "CVE-2018-14314", "CVE-2018-14315", "CVE-2018-14316", "CVE-2018-14317", "CVE-2018-3924", "CVE-2018-3939"], "modified": "2020-06-03T00:00:00", "id": "KLA11314", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11314/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-07-17T14:18:37", "description": "The host is installed with Foxit Reader and\n is prone to multiple code execution vulnerabilities.", "cvss3": 
{}, "published": "2018-07-20T00:00:00", "type": "openvas", "title": "Foxit Reader 'JavaScript' Remote Code Execution Vulnerabilities (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-14302", "CVE-2018-14281", "CVE-2018-17619", "CVE-2018-14283", "CVE-2018-11621", "CVE-2018-14264", "CVE-2018-14306", "CVE-2018-14276", "CVE-2018-14246", "CVE-2018-14272", "CVE-2018-14305", "CVE-2018-14290", "CVE-2018-14271", "CVE-2018-14243", "CVE-2018-14270", "CVE-2018-14241", "CVE-2018-14275", "CVE-2018-14304", "CVE-2018-14244", "CVE-2018-14258", "CVE-2018-14265", "CVE-2018-17618", "CVE-2018-14253", "CVE-2018-14309", "CVE-2018-14291", "CVE-2018-14286", "CVE-2018-17621", "CVE-2018-14257", "CVE-2018-14310", "CVE-2018-14254", "CVE-2018-17622", "CVE-2018-14279", "CVE-2018-14262", "CVE-2018-14301", "CVE-2018-3939", "CVE-2018-14274", "CVE-2018-14285", "CVE-2018-14260", "CVE-2018-14278", "CVE-2018-14307", "CVE-2018-17615", "CVE-2018-14293", "CVE-2018-14266", "CVE-2018-14315", "CVE-2018-14300", "CVE-2018-14294", "CVE-2018-14317", "CVE-2018-14312", "CVE-2018-14263", "CVE-2018-14297", "CVE-2018-14287", "CVE-2018-14242", "CVE-2018-14308", "CVE-2018-11617", "CVE-2018-14314", "CVE-2018-14249", "CVE-2018-14277", "CVE-2018-14261", "CVE-2018-14245", "CVE-2018-14273", "CVE-2018-14248", "CVE-2018-14316", "CVE-2018-14311", "CVE-2018-14292", "CVE-2018-14267", "CVE-2018-14247", "CVE-2018-11622", "CVE-2018-17617", "CVE-2018-14259", "CVE-2018-14313", "CVE-2018-14255", "CVE-2018-14268", "CVE-2018-14288", "CVE-2018-14298", "CVE-2018-17616", "CVE-2018-11620", "CVE-2018-11619", "CVE-2018-14256", "CVE-2018-17620", "CVE-2018-14269", "CVE-2018-11618", "CVE-2018-14284", "CVE-2018-14299", "CVE-2018-14289", "CVE-2018-17624", "CVE-2018-11623", "CVE-2018-3924", "CVE-2018-14280", "CVE-2018-14252", "CVE-2018-14303", "CVE-2018-14282", "CVE-2018-14251", "CVE-2018-14250"], "modified": "2019-07-05T00:00:00", "id": "OPENVAS:1361412562310813263", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310813263", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Foxit Reader 'JavaScript' Remote Code Execution Vulnerabilities (Windows)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation;\n# either version 2 of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:foxitsoftware:reader\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813263\");\n script_version(\"2019-07-05T10:16:38+0000\");\n script_cve_id(\"CVE-2018-11617\", \"CVE-2018-11618\", \"CVE-2018-11619\", \"CVE-2018-11620\",\n \"CVE-2018-11621\", \"CVE-2018-11622\", \"CVE-2018-11623\", \"CVE-2018-14241\",\n \"CVE-2018-14242\", \"CVE-2018-14243\", \"CVE-2018-14244\", \"CVE-2018-14245\",\n \"CVE-2018-14246\", \"CVE-2018-14247\", \"CVE-2018-14248\", \"CVE-2018-14249\",\n \"CVE-2018-14250\", \"CVE-2018-14251\", \"CVE-2018-14252\", \"CVE-2018-14253\",\n \"CVE-2018-14254\", \"CVE-2018-14255\", \"CVE-2018-14256\", \"CVE-2018-14257\",\n \"CVE-2018-14258\", \"CVE-2018-14259\", \"CVE-2018-14260\", \"CVE-2018-14261\",\n 
\"CVE-2018-14262\", \"CVE-2018-14263\", \"CVE-2018-14264\", \"CVE-2018-14265\",\n \"CVE-2018-14266\", \"CVE-2018-14267\", \"CVE-2018-14268\", \"CVE-2018-14269\",\n \"CVE-2018-14270\", \"CVE-2018-14271\", \"CVE-2018-14272\", \"CVE-2018-14273\",\n \"CVE-2018-14274\", \"CVE-2018-14275\", \"CVE-2018-14276\", \"CVE-2018-14277\",\n \"CVE-2018-14278\", \"CVE-2018-14279\", \"CVE-2018-14280\", \"CVE-2018-14281\",\n \"CVE-2018-14282\", \"CVE-2018-14283\", \"CVE-2018-14284\", \"CVE-2018-14285\",\n \"CVE-2018-14286\", \"CVE-2018-14287\", \"CVE-2018-14288\", \"CVE-2018-14289\",\n \"CVE-2018-14290\", \"CVE-2018-14291\", \"CVE-2018-14292\", \"CVE-2018-14293\",\n \"CVE-2018-14294\", \"CVE-2018-14297\", \"CVE-2018-14298\", \"CVE-2018-14299\",\n \"CVE-2018-14300\", \"CVE-2018-14301\", \"CVE-2018-14302\", \"CVE-2018-14303\",\n \"CVE-2018-14304\", \"CVE-2018-14305\", \"CVE-2018-14306\", \"CVE-2018-14307\",\n \"CVE-2018-14308\", \"CVE-2018-14309\", \"CVE-2018-14310\", \"CVE-2018-14311\",\n \"CVE-2018-14312\", \"CVE-2018-14313\", \"CVE-2018-14314\", \"CVE-2018-14315\",\n \"CVE-2018-14316\", \"CVE-2018-14317\", \"CVE-2018-3924\", \"CVE-2018-3939\",\n \"CVE-2018-17624\", \"CVE-2018-17622\", \"CVE-2018-17620\", \"CVE-2018-17621\",\n \"CVE-2018-17618\", \"CVE-2018-17619\", \"CVE-2018-17617\", \"CVE-2018-17615\",\n \"CVE-2018-17616\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 10:16:38 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-07-20 15:00:12 +0530 (Fri, 20 Jul 2018)\");\n script_name(\"Foxit Reader 'JavaScript' Remote Code Execution Vulnerabilities (Windows)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Foxit Reader and\n is prone to multiple code execution vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target 
host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - The user-after-free vulnerability that exists in the JavaScript, When\n executing embedded JavaScript code a document can be cloned. which frees\n a lot of used objects, but the JavaScript can continue to execute.\n\n - The use-after-free vulnerability found in the Javascript engine that can\n result in remote code execution.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attacker to execute arbitrary code.\");\n\n script_tag(name:\"affected\", value:\"Foxit Reader versions before 9.2 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Foxit Reader version 9.2\n or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://www.foxitsoftware.com/support/security-bulletins.php#content-2018\");\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_foxit_reader_detect_portable_win.nasl\");\n script_mandatory_keys(\"foxit/reader/ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\npdfVer = infos['version'];\npdfPath = infos['location'];\n\nif(version_is_less(version:pdfVer, test_version:\"9.2\"))\n{\n report = report_fixed_ver(installed_version:pdfVer, fixed_version:\"9.2\", install_path:pdfPath);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}