Multiple vulnerabilities reported in the Foxit PDF reader allows an attacker to execute the arbitrary code on the user’s system and obtain sensitive information. The vulnerability affects all the versions of Foxit Reader and Foxit PhantomPDF.
Foxit is the most popular free software for creating, editing and viewing PDF documents. Security researchers from Cisco Talos, Threat Response, Trend Micro’s Zero Day Initiative Foxit PDF Reader vulnerabilities.
CVE-2017-14458 – use-after-free Vulnerability that resides in JavaScript engine of Foxit PDF Reader, attackers could trigger this vulnerability with a specially crafted PDF document.
CVE-2017-17557 – Heap Buffer Overflow Remote Code Execution vulnerability that may crash the application.
CVE-2018-3842 – Uninitialized pointer vulnerability in the Javascript engine of Foxit PDF Reader that could result in remote code execution.
CVE-2018-3843 – Type confusion vulnerability in the way Foxit reader handles the files with associated extensions.
CVE-2018-3850 – the use-after-free vulnerability that resulting in sensitive memory disclosure or, potentially, arbitrary code execution.
CVE-2018-3853 – use-after-free vulnerability with javascript engine that lies in combinations of the ‘createTemplate’ and ‘closeDoc’ methods.
Also Read Creating and Analyzing a Malicious PDF File with PDF-Parser Tool
Assaf Baharav of Threat Response Research Team Addressed a potential issue where the application could be exposed to Remote Code Execution by abusing GoToE & GoToR Actions.
Ye Yint Min Thu htut Addressed a potential issue where the application could be exposed to Unsafe DLL Loading vulnerability that could be exploited by attackers to execute remote code.
Foxit team released an update Foxit Reader and Foxit PhantomPDF. Users are highly recommended to update with new version 9.1 of Foxit Reader and Foxit PhantomPDF.
The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS devices.…
White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch Experts…
Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan exploits…
The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on organizations…
Google has updated its Chrome browser, addressing critical vulnerabilities that posed potential risks to millions…
WrnRAT is a new malware attack that cybercriminals have deployed by using popular gambling games…