Filtered by vendor Foxitsoftware
Subscriptions
Total
800 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-10959 | 1 Foxitsoftware | 1 Foxit Reader | 2024-11-21 | N/A |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the setAction method of Link objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4981. | ||||
| CVE-2017-10958 | 1 Foxitsoftware | 1 Foxit Reader | 2024-11-21 | N/A |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the value attribute of Field objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4980. | ||||
| CVE-2017-10957 | 1 Foxitsoftware | 1 Foxit Reader | 2024-11-21 | N/A |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the arrowEnd attribute of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4979. | ||||
| CVE-2017-10956 | 1 Foxitsoftware | 1 Foxit Reader | 2024-11-21 | N/A |
| This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the tile index member of SOT markers. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-4978. | ||||
| CVE-2017-10953 | 1 Foxitsoftware | 1 Foxit Reader | 2024-11-21 | N/A |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the gotoURL method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5030. | ||||
| CVE-2017-10952 | 1 Foxitsoftware | 1 Foxit Reader | 2024-11-21 | N/A |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.2.0.2051. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the saveAs JavaScript function. The issue results from the lack of proper validation of user-supplied data, which can lead to writing arbitrary files into attacker controlled locations. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4518. | ||||
| CVE-2017-10951 | 1 Foxitsoftware | 1 Foxit Reader | 2024-11-21 | N/A |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within app.launchURL method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4724. | ||||
| CVE-2017-10948 | 1 Foxitsoftware | 1 Foxit Reader | 2024-11-21 | N/A |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.2.1.6871. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the app.execMenuItem function. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4723. | ||||
| CVE-2017-10947 | 1 Foxitsoftware | 1 Foxit Reader | 2024-11-21 | N/A |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.2.1.6871. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the print function. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4722. | ||||
| CVE-2017-10946 | 1 Foxitsoftware | 1 Foxit Reader | 2024-11-21 | N/A |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.2.1.6871. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the setItem function. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4721. | ||||
| CVE-2017-10945 | 1 Foxitsoftware | 1 Foxit Reader | 2024-11-21 | N/A |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the app.alert function. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4855. | ||||
| CVE-2017-10944 | 1 Foxitsoftware | 1 Foxit Reader | 2024-11-21 | N/A |
| This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ObjStm objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-4846. | ||||
| CVE-2017-10943 | 1 Foxitsoftware | 1 Foxit Reader | 2024-11-21 | N/A |
| This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-4738. | ||||
| CVE-2017-10942 | 1 Foxitsoftware | 1 Foxit Reader | 2024-11-21 | N/A |
| This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-4737. | ||||
| CVE-2017-10941 | 1 Foxitsoftware | 1 Foxit Reader | 2024-11-21 | N/A |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AFParseDateEx function. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4816. | ||||
| CVE-2016-8334 | 1 Foxitsoftware | 1 Reader | 2024-11-21 | N/A |
| A large out-of-bounds read on the heap vulnerability in Foxit PDF Reader can potentially be abused for information disclosure. Combined with another vulnerability, it can be used to leak heap memory layout and in bypassing ASLR. | ||||
| CVE-2016-6169 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2024-11-21 | N/A |
| Heap-based buffer overflow in Foxit Reader and PhantomPDF 7.3.4.311 and earlier on Windows allows remote attackers to cause a denial of service (memory corruption and application crash) or potentially execute arbitrary code via the Bezier data in a crafted PDF file. | ||||
| CVE-2016-6168 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2024-11-21 | N/A |
| Use-after-free vulnerability in Foxit Reader and PhantomPDF 7.3.4.311 and earlier on Windows allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a crafted PDF file. | ||||
| CVE-2016-3740 | 1 Foxitsoftware | 1 Foxit Reader | 2024-11-21 | N/A |
| Heap-based buffer overflow in the CreateFXPDFConvertor function in ConvertToPdf_x86.dll in Foxit Reader 7.3.4.311 allows remote attackers to execute arbitrary code via a large SamplesPerPixel value in a crafted TIFF image that is mishandled during PDF conversion. This is fixed in 8.0. | ||||
| CVE-2024-41605 | 1 Foxitsoftware | 1 Foxit Pdf Editor | 2024-09-30 | 8.4 High |
| In Foxit PDF Reader before 2024.3, and PDF Editor before 2024.3 and 13.x before 13.1.4, an attacker can replace an update file with a Trojan horse via side loading, because the update service lacks integrity validation for the updater. Attacker-controlled code may thus be executed. | ||||