User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.8. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.Īn Uncontrolled Search Path Element in Foxit Software released Foxit Reader v11.2.118.51569 allows attackers to escalate privileges when searching for DLL libraries without specifying an absolute path. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. A specially crafted PDF document can trigger a previously freed object in memory to be reused resulting in arbitrary code execution. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.Īn exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software Foxit PDF Reader version 9. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.Īn exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. A specially crafted PDF document can lead to an object of invalid type to be dereferenced, which can potentially lead to sensitive memory disclosure, and possibly to arbitrary code execution.
parses files with associated file annotations. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.Īn exploitable type confusion vulnerability exists in the way Foxit PDF Reader version 9. An attacker needs to trick the user to open a malicious file to trigger this vulnerability. A specially crafted PDF document can lead to a dereference of an uninitialized pointer which, if under attacker control, can result in arbitrary code execution.
An exploitable use of an uninitialized pointer vulnerability exists in the JavaScript engine in Foxit PDF Reader version 9.
0 kommentar(er)
