
Foxit Reader Multiple Remote Code Execution Vulnerabilities CVE-2016-4059, CVE-2016-4060, CVE-2016-4061, CVE-2016-4062, CVE-2016-4063, CVE-2016-4064, CVE-2016-4065

Severity
CVSSv3 Score
7.8
Vulnerability description

Foxit Reader is prone to multiple vulnerabilities.

Risk description

Multiple flaws exist due to:
- Multiple use-after-free vulnerabilities.
- An error in parsing a malformed content stream.
- The application recursively calling the format error of some PDFs, which led to no response when opening the PDF.
- The destructor of the object whose generation number is -1 in the PDF file, which could release the file handle that had been imported by the application layer.
- An error in decoding corrupted images during PDF conversion with the gflags app enabled.
- The XFA's underlying data failing to synchronize with that of PhantomPDF/Reader, caused by the re-layout of the underlying XFA.

Successful exploitation will allow remote attackers to cause a denial of service (application crash).

Recommendation

Upgrade to Foxit Reader version 7.3.4 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Apr 22, 2016
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available