HomePentest-Tools.com Logo

Foxit PhantomPDF Multiple Vulnerabilities-May18 (Windows) CVE-2017-17557CVE-2017-14458CVE-2018-3842CVE-2018-3853CVE-2018-3850CVE-2018-10303CVE-2018-10302CVE-2018-3843

Severity
CVSSv3 Score
8.8
Vulnerability description

Foxit PhantomPDF is prone to multiple vulnerabilities.

Risk description

Multiple flaws exist due to: - An unsafe DLL loading as application passes an insufficiently qualified path in loading an external library when a user launches the application. - An out-of-bounds read and write error. - A type confusion error while executing certain XFA functions in crafted PDF files since the application could transform non-CXFA_Object to CXFA_Object without judging the data type and use the discrepant CXFA_Object to get layout object directly. - An unspecified error in GoToE & GoToR Actions. - The application is not running in Safe-Reading-Mode and can be abused via _JP2_Codestream_Read_SOT function. - An error as application do not handle a COM object properly. - A use-after-free error as the application could continue to traverse pages after the document has been closed or free certain objects repeatedly. - Uninitialized memory or pointer error due to the use of uninitialized new Uint32Array object or member variables in PrintParams or m_pCurContex objects. - A use-after-free error due to the use of freed object when executing JavaScript or invoking certain functions to get object properties. - A use-after-free error due to the use of object which has been closed or removed. - A type confusion error when parsing files with associated file annotations due to deference of an object of invalid type. Successful exploitation will allow remote attackers to cause a denial of service condition, execute arbitrary code and gain access to sensitive data from memory.

Recommendation

Upgrade to Foxit PhantomPDF version 8.3.6 or later. Please see the references for more information.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Apr 23, 2018
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available