A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system. The vulnerability exists due to use-after-free error within the handling of Doc objects when processing PDF files. The vulnerability allows a remote attacker to compromise vulnerable system. Successful exploitation of this vulnerability may result in complete compromise of vulnerable system. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a type confusion error and execute arbitrary code on the target system. The vulnerability exists due to improper compiling for an Unsigned32 result in the V8 JavaScript Engine. The vulnerability allows a remote attacker to execute arbitrary code on the target system. MitigationĬWE-ID: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion') Signature information when handling certain signed PDF files. A remote attacker can perform Incremental Saving Attack and Shadow Attack and deliver incorrect ![]() The vulnerability exists due to a parsing error when handling signatures in PDF files. ![]() The vulnerability allows a remote attacker to perform spoofing attack. Mitigationģ) Improper Verification of Cryptographic SignatureĬWE-ID: CWE-347 - Improper Verification of Cryptographic Signature A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and crash the application. The vulnerability exists due to a boundary condition when handling certain encrypted PDFs with abnormal encryption dictionary. The vulnerability allows a remote attacker to crash the application. Is there known malware, which exploits this vulnerability? ![]() How the attacker can exploit this vulnerability? cpe:2.3:a:foxit_software:foxit_reader_for_windows:11.7:*:*:*:*:*:*:*Ĭan this vulnerability be exploited remotely?.Vulnerable software versionsįoxit PDF Reader for Windows: 10.8 - 11.7įoxit PDF Editor (formerly Foxit PhantomPDF): 11. A remote attacker can trick the victim to open a specially crafted PDF file and perform a denial of service (DoS) attack. The vulnerability exists due to a NULL pointer dereference error when executing JavaScripts in certain PDF files. The vulnerability allows a remote attacker to perform a denial of service (DoS) attack. CWE-ID: CWE-476 - NULL Pointer Dereference
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |