User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. (CVE-2022-34874) - This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.7. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. By performing actions in JavaScript, an attacker can trigger a read past the end of an allocated object. The specific flaw exists within the handling of Doc objects. (CVE-2022-34873) - This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.5. The specific flaw exists within the handling of Annotation objects. (CVE-2022-27944) - This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.7. (CVE-2022-26979) - Foxit PDF Reader before 12.0.1 and PDF Editor before 12.0.1 allow an exportXFAData NULL pointer dereference. It is, therefore affected by multiple vulnerabilities: - Foxit PDF Reader before 12.0.1 and PDF Editor before 12.0.1 allow a NULL pointer dereference when this.Span is used for oState of Collab.addStateModel, because can be NULL. Synopsis A PDF toolkit installed on the remote Windows host is affected by multiple vulnerabilities Description According to its version, the Foxit PDF Editor application (previously named Foxit PhantomPDF) installed on the remote Windows host is prior to 11.2.3.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |