Overview

Talos is disclosing five vulnerabilities in Foxit PDF Reader. Foxit PDF Reader is a popular free program for viewing, creating, and editing PDF documents. It is commonly used as an alternative to Adobe Acrobat Reader and has a widely used browser plugin available. Update to the current version of Foxit PDF Reader.

Details

Vulnerabilities Discovered by Aleksandar Nikolic

TALOS-2018-0536

TALOS-2018-0536 / CVE-2018-3853 is a use-after-free vulnerability that exists in the JavaScript engine of the Foxit PDF Reader. Full details of the vulnerability can be found here. There are a couple of different ways an adversary could leverage this attack, including tricking a user into opening a malicious PDF or, if the browser plugin is enabled, simply viewing the document on the Internet could result in exploitation. A specially crafted PDF file could trigger this vulnerability, resulting in sensitive memory disclosure or, potentially, arbitrary code execution. This specific vulnerability lies in the '()' method, which results in a use-after-free condition.

TALOS-2018-0532

TALOS-2018-0532 / CVE-2018-3850 is a use-after-free vulnerability that exists in the JavaScript engine of the Foxit PDF Reader.

TALOS-2018-0526

TALOS-2018-0526 / CVE-2018-3843 results from a type confusion vulnerability in the way Foxit PDF Reader parses files with associated extensions. A specially crafted PDF file could trigger this vulnerability.

TALOS-2018-0525

TALOS-2018-0525 / CVE-2018-3842 results from an exploitable use of an uninitialized pointer in the JavaScript engine in the Foxit PDF Reader that can result in remote code execution.

TALOS-2017-0506

TALOS-2017-0506 / CVE-2017-14458 is an exploitable use-after-free vulnerability that exists specifically in the JavaScript engine of Foxit PDF Reader. When executing embedded JavaScript code, a document can be closed, which essentially frees up a lot of used objects, but the JavaScript can continue to execute. Taking advantage of this, a specially crafted PDF document can trigger a previously freed object in memory to be reused, which results in arbitrary code execution. There are a couple of different ways an adversary could leverage this attack, including tricking a user into opening a malicious PDF. Or, if the browser plugin is enabled, simply viewing the document on the internet could result in exploitation.