SecurityTracker.com

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Foxit Reader
Vendors:   Foxit Software
Foxit Reader Multiple Flaws Let Remote Users Execute Arbitrary Code, Write Files, Deny Service, and Obtain Potentially Sensitive Information
SecurityTracker Alert ID:  1041353
SecurityTracker URL:  http://securitytracker.com/id/1041353
CVE Reference:   CVE-2018-3924
Date:  Jul 20 2018
Impact:   Denial of service via network, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of system information, Modification of user information, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 9.1.0.5096 and prior
Description:   Several vulnerabilities were reported in Foxit Reader. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can cause denial of service conditions on the target system. A remote user can write files on the target system. A remote user can obtain potentially sensitive information on the target system.

A remote user can trigger an error when executing exportAsFDF or exportData JavaScript to write arbitrary files on the target system.

A remote user can obtain potentially sensitive information when executing GoToE & GoToR actions.

A remote user can trigger an out-of-bounds memory read error when executing the GetAssociatedPageIndex() function to obtain potentially sensitive information.

An out-of-bounds memory read/write error may occur when parsing or converting JPG files.

A remote user can create specially crafted content that, when loaded by the target user, will execute arbitrary code on the target user's system.

A use-after-free memory error may occur [CVE-2018-3924, CVE-2018-3939].

A type confusion error may occur when calling the addAdLayer() function.

A type confusion error may occur when transforming a non-XFA node to an XFA node.

A type confusion error may occur when parsing 'ColorSpace'.

An uninitialized pointer error may occur.

A heap overflow may occur.

An integer overflow may occur.

A remote user can trigger a large JavaScript buffer allocation to cause the application to crash.

An anonymous researcher (via Trend Micro's Zero Day Initiative), Sudhakar Verma and Ashfaq Ansari - Project Srishti (via iDefense Labs), nsfocus security team (via Trend Micro's Zero Day Initiative), bit - MeePwn team (via Trend Micro's Zero Day Initiative), Steven Seeley (mr_me) of Source Incite (via Trend Micro's Zero Day Initiative), Esteban Ruiz of Source Incite (via Trend Micro's Zero Day Initiative), Aleksandar Nikolic of Cisco Talos, soiax (via Trend Micro's Zero Day Initiative), TrendyTofu of Trend Micro Zero Day Initiative, Deepu, and Zhiyuan Wang of Chengdu Qihoo360 Tech Co. Ltd reported these vulnerabilities.

Impact:   A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.

A remote user can cause denial of service conditions.

A remote user can write files on the target system.

A remote user can obtain potentially sensitive information on the target system.

Solution:   The vendor has issued a fix (9.2).

The vendor advisory is available at:

https://www.foxitsoftware.com/support/security-bulletins.php

Vendor URL:  www.foxitsoftware.com/support/security-bulletins.php
Cause:   Access control error, Boundary error, State error
Underlying OS:  Windows (Any)

Message History:   None.



Copyright 2019, SecurityGlobal.net LLC