Foxit Reader
Approved changes feed: RSS · Atom
cpe:2.3:a:foxit:foxit_reader:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Foxit (3778a6df-af29-5bee-a995-959672e13d77) |
|---|---|
| Product | Foxit Reader (7cbd1509-cf0e-5139-b458-67ab55ed81b4) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-32451 |
vulnerable | 2026-06-08 07:18:59.807981 |
Details available
HIGH (8.8)
A memory corruption vulnerability exists in Foxit Reader 2025.1.0.27937 due to the use of an uninitialized pointer. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.
Published: 2025-08-13T13:37:18.689Z
Updated: 2025-11-03T19:53:29.625Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-49576 |
vulnerable | 2026-06-08 06:50:14.284623 |
Details available
HIGH (8.8)
A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a checkbox CBF_Widget object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.
Published: 2024-12-18T15:57:33.904Z
Updated: 2024-12-18T18:03:41.559Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-47810 |
vulnerable | 2026-06-08 06:48:13.290938 |
Details available
HIGH (8.8)
A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a 3D page object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.
Published: 2024-12-18T15:57:33.217Z
Updated: 2024-12-18T18:03:40.626Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-29072 |
vulnerable | 2026-06-08 06:33:28.644370 |
Details available
HIGH (8.2)
A privilege escalation vulnerability exists in the Foxit Reader 2024.2.0.25138. The vulnerability occurs due to improper certification validation of the updater executable before executing it. A low privilege user can trigger the update action which can result in unexpected elevation of privilege.
Published: 2024-05-28T13:52:58.113Z
Updated: 2025-02-13T17:47:36.385Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-28888 |
vulnerable | 2026-06-08 06:33:27.816452 |
Details available
HIGH (8.8)
A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a checkbox field object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.
Published: 2024-10-02T20:51:44.661Z
Updated: 2025-09-23T14:17:01.678Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-25938 |
vulnerable | 2026-06-08 06:31:24.039672 |
Details available
HIGH (8.8)
A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Barcode widget. A specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.
Published: 2024-04-30T14:38:40.223Z
Updated: 2025-11-04T17:14:32.777Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-25648 |
vulnerable | 2026-06-08 06:31:23.674819 |
Details available
HIGH (8.8)
A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a ComboBox widget. A specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.
Published: 2024-04-30T14:38:39.662Z
Updated: 2025-12-16T18:13:17.669Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-25575 |
vulnerable | 2026-06-08 06:31:23.254683 |
Details available
HIGH (8.8)
A type confusion vulnerability vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Lock object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.
Published: 2024-04-30T14:38:39.114Z
Updated: 2025-12-16T18:13:17.384Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-41257 |
vulnerable | 2026-06-08 06:11:05.676267 |
Details available
HIGH (8.8)
A type confusion vulnerability exists in the way Foxit Reader 12.1.2.15356 handles field value properties. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.
Published: 2023-11-27T15:25:09.111Z
Updated: 2025-11-04T19:21:04.665Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-40194 |
vulnerable | 2026-06-08 06:09:41.422273 |
Details available
HIGH (8.8)
An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to mistreatment of whitespace characters. A specially crafted malicious file can create files at arbitrary locations, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.
Published: 2023-11-27T15:25:11.538Z
Updated: 2025-11-04T19:17:47.562Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-39542 |
vulnerable | 2026-06-08 06:09:37.682278 |
Details available
HIGH (8.8)
A code execution vulnerability exists in the Javascript saveAs API of Foxit Reader 12.1.3.15356. A specially crafted malformed file can create arbitrary files, which can lead to remote code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.
Published: 2023-11-27T15:25:12.044Z
Updated: 2025-11-04T19:17:44.282Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-38573 |
vulnerable | 2026-06-08 06:08:18.371467 |
Details available
HIGH (8.8)
A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15356 handles a signature field. A specially crafted Javascript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.
Published: 2023-11-27T15:25:08.575Z
Updated: 2025-11-04T19:17:19.224Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-35985 |
vulnerable | 2026-06-08 06:06:28.254342 |
Details available
HIGH (8.8)
An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to a failure to properly validate a dangerous extension. A specially crafted malicious file can create files at arbitrary locations, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted malicious site if the browser plugin extension is enabled.
Published: 2023-11-27T15:25:11.052Z
Updated: 2025-11-04T19:17:06.076Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-33876 |
vulnerable | 2026-06-08 06:06:23.707617 |
Details available
HIGH (8.8)
A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15332 handles destroying annotations. Specially crafted Javascript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.
Published: 2023-07-19T13:16:36.125Z
Updated: 2025-11-04T19:16:30.121Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-33866 |
vulnerable | 2026-06-08 06:06:23.632762 |
Details available
HIGH (8.8)
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 12.1.2.15332. By prematurely deleting objects associated with pages, a specially crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.
Published: 2023-07-19T13:16:37.327Z
Updated: 2025-11-04T19:16:29.026Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-32664 |
vulnerable | 2026-06-08 06:04:46.740707 |
Details available
HIGH (8.8)
A type confusion vulnerability exists in the Javascript checkThisBox method as implemented in Foxit Reader 12.1.2.15332. Specially crafted Javascript code inside a malicious PDF document can cause memory corruption and lead to remote code execution. User would need to open a malicious file to trigger the vulnerability.
Published: 2023-07-19T13:16:36.811Z
Updated: 2025-11-04T19:16:26.851Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-32616 |
vulnerable | 2026-06-08 06:04:46.612714 |
Details available
HIGH (8.8)
A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15356 handles 3D annotations. A specially crafted Javascript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.
Published: 2023-11-27T15:25:09.602Z
Updated: 2025-11-04T19:16:21.332Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-28744 |
vulnerable | 2026-06-08 06:02:35.329049 |
Details available
HIGH (8.8)
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.1.1.15289. A specially crafted PDF document can trigger the reuse of previously freed memory by manipulating form fields of a specific type. This can lead to memory corruption and arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.
Published: 2023-07-19T13:16:38.150Z
Updated: 2025-11-04T19:15:55.860Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-27379 |
vulnerable | 2026-06-08 05:57:41.028912 |
Details available
HIGH (8.8)
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 12.1.2.15332. By prematurely deleting objects associated with pages, a specially crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.
Published: 2023-07-19T13:16:37.729Z
Updated: 2024-08-02T12:09:43.432Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-40129 |
vulnerable | 2026-06-08 05:48:22.916816 |
Details available
HIGH (8.8)
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. A specially-crafted PDF document can trigger the reuse of previously freed memory via misusing Optional Content Group API, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled.
Published: 2022-11-21T16:05:38.215Z
Updated: 2025-04-15T18:39:51.574Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-38097 |
vulnerable | 2026-06-08 05:47:15.708084 |
Details available
HIGH (8.8)
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. By prematurely destroying annotation objects, a specially-crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled.
Published: 2022-11-21T16:05:37.153Z
Updated: 2025-04-15T18:40:02.047Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-37332 |
vulnerable | 2026-06-08 05:47:12.371540 |
Details available
HIGH (8.8)
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. A specially-crafted PDF document can trigger the reuse of previously freed memory via misusing media player API, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled.
Published: 2022-11-21T16:05:36.155Z
Updated: 2025-04-15T18:40:12.492Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-32774 |
vulnerable | 2026-06-08 05:44:45.777541 |
Details available
HIGH (8.8)
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. By prematurely deleting objects associated with pages, a specially-crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled.
Published: 2022-11-21T16:05:35.031Z
Updated: 2025-04-15T18:40:22.174Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-9984 |
vulnerable | 2026-06-08 05:12:08.402401 |
Details available
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of Texture Image Channels objects in U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5495.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T07:24:56.335Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-9983 |
vulnerable | 2026-06-08 05:12:08.397831 |
Details available
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the context process. Was ZDI-CAN-5494.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T07:24:56.270Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-9982 |
vulnerable | 2026-06-08 05:12:08.397526 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the Texture Width in U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5483.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T07:24:56.338Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-9981 |
vulnerable | 2026-06-08 05:12:08.397199 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5431.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T07:24:56.409Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-9980 |
vulnerable | 2026-06-08 05:12:08.396861 |
Details available
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5430.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T07:24:56.361Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-9979 |
vulnerable | 2026-06-08 05:12:08.396537 |
Details available
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of Texture Continuation objects in U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5429.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T07:24:56.328Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-9978 |
vulnerable | 2026-06-08 05:12:08.396201 |
Details available
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the context process. Was ZDI-CAN-5428.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T07:24:56.321Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-9977 |
vulnerable | 2026-06-08 05:12:08.395769 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of Modifier Chain objects in U3D files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5427.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T07:24:56.361Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-9976 |
vulnerable | 2026-06-08 05:12:08.395440 |
Details available
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of Texture objects in U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5425.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T07:24:56.351Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-9975 |
vulnerable | 2026-06-08 05:12:08.395095 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of shift events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5762.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T07:24:56.335Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-9974 |
vulnerable | 2026-06-08 05:12:08.394648 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-5895.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T07:24:56.363Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-9973 |
vulnerable | 2026-06-08 05:12:08.394303 |
Details available
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ePub files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-5758.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T07:24:56.271Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-9972 |
vulnerable | 2026-06-08 05:12:08.393923 |
Details available
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-5755.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T07:24:56.372Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-9971 |
vulnerable | 2026-06-08 05:12:08.383358 |
Details available
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.104. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-5754.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T07:24:56.450Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-9970 |
vulnerable | 2026-06-08 05:12:08.383045 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XFA execEvent method of Button elements. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5580.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T07:24:56.338Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-9969 |
vulnerable | 2026-06-08 05:12:08.382660 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XFA boundItem method of Button elements. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5579.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T07:24:56.340Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-9968 |
vulnerable | 2026-06-08 05:12:08.382229 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Keystroke actions of TextBox objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5572.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T07:24:56.335Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-9967 |
vulnerable | 2026-06-08 05:12:08.381894 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Format actions of TextBox objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5571.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T07:24:56.334Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-9965 |
vulnerable | 2026-06-08 05:12:08.381104 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the setAction method of Link objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5569.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T07:24:56.303Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-9964 |
vulnerable | 2026-06-08 05:12:08.380603 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the name attribute of OCG objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5568.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T07:24:56.304Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-9963 |
vulnerable | 2026-06-08 05:12:08.380168 |
Details available
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPEG2000 images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5549.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T07:24:56.405Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-9962 |
vulnerable | 2026-06-08 05:12:08.379614 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of Annotation's author attribute. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5435.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T07:24:56.310Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-9961 |
vulnerable | 2026-06-08 05:12:08.379270 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the rect Field attribute. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5434.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T07:24:56.257Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-9960 |
vulnerable | 2026-06-08 05:12:08.378938 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the textColor Field attribute. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5433.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T07:24:56.311Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-9959 |
vulnerable | 2026-06-08 05:12:08.378489 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the pageNum document attribute. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5432.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T07:24:56.292Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-9958 |
vulnerable | 2026-06-08 05:12:08.378064 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Text Annotations. When setting the point attribute, the process does not properly validate the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5620.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T07:24:56.410Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-9957 |
vulnerable | 2026-06-08 05:12:08.377695 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA Button elements. When parsing arguments passed to the resetData method, the process does not properly validate the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5618.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T07:24:56.331Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-9956 |
vulnerable | 2026-06-08 05:12:08.377377 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA Button elements. When setting the title attribute, the process does not properly validate the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5617.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T07:24:56.365Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-9955 |
vulnerable | 2026-06-08 05:12:08.377053 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XFA resolveNode method of Button elements. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5531.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T07:24:56.379Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-9954 |
vulnerable | 2026-06-08 05:12:08.376720 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA Button elements. When setting the y attribute, the process does not properly validate the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5529.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T07:24:56.303Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-9953 |
vulnerable | 2026-06-08 05:12:08.376409 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XFA resolveNodes method of Button elements. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5528.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T07:24:56.350Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-9952 |
vulnerable | 2026-06-08 05:12:08.376082 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA Button elements. When setting the formattedValue attribute, the process does not properly validate the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5527.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T07:24:56.321Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-9951 |
vulnerable | 2026-06-08 05:12:08.375658 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of CPDF_Object objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5414.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T07:24:56.363Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-9950 |
vulnerable | 2026-06-08 05:12:08.375206 |
Details available
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF documents. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5413.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T07:24:56.404Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-9949 |
vulnerable | 2026-06-08 05:12:08.374793 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIFF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5473.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T07:24:56.266Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-9948 |
vulnerable | 2026-06-08 05:12:08.374264 |
Details available
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of typed arrays. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5380.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T07:24:56.445Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-9947 |
vulnerable | 2026-06-08 05:12:08.373776 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP images. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5472.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T07:24:56.256Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-9946 |
vulnerable | 2026-06-08 05:12:08.373341 |
Details available
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the setTimeOut method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5471.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T07:24:56.302Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-9945 |
vulnerable | 2026-06-08 05:12:08.373003 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getField method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5382.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T07:24:56.276Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-9944 |
vulnerable | 2026-06-08 05:12:08.372529 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the addLink method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5379.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T07:24:56.267Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-9943 |
vulnerable | 2026-06-08 05:12:08.372171 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the openList method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5377.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T07:24:56.341Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-9942 |
vulnerable | 2026-06-08 05:12:08.371697 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the record remove method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5376.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T07:24:56.219Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-9941 |
vulnerable | 2026-06-08 05:12:08.371371 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the record append method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5375.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T07:24:56.286Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-9940 |
vulnerable | 2026-06-08 05:12:08.371031 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the layout sheet attribute. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5374.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T07:24:56.358Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-9939 |
vulnerable | 2026-06-08 05:12:08.370701 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of layout elements. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5373.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T07:24:56.268Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-9938 |
vulnerable | 2026-06-08 05:12:08.370380 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the absPageSpan method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5372.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T07:24:56.360Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-9937 |
vulnerable | 2026-06-08 05:12:08.370036 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of subform elements. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5371.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T07:24:56.357Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-9936 |
vulnerable | 2026-06-08 05:12:08.369666 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of field elements. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5370.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T07:24:56.302Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-9935 |
vulnerable | 2026-06-08 05:12:08.368377 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the addField method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5312.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T07:24:56.279Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-1180 |
vulnerable | 2026-06-08 05:11:17.110651 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AFSimple_Calculate method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5491.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T03:51:48.982Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-1179 |
vulnerable | 2026-06-08 05:11:17.110006 |
Details available
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DataSubBlock structures in GIF images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5490.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T03:51:48.992Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-1178 |
vulnerable | 2026-06-08 05:11:17.109469 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the addField method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5489.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T03:51:48.924Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-1177 |
vulnerable | 2026-06-08 05:11:17.108905 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the addAnnot method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5488.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T03:51:49.051Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-1176 |
vulnerable | 2026-06-08 05:11:17.108331 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ePub files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5442.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T03:51:48.997Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-1175 |
vulnerable | 2026-06-08 05:11:17.107957 |
Details available
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the interactive attribute of PrintParams objects. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5438.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T03:51:48.925Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-1174 |
vulnerable | 2026-06-08 05:11:17.107541 |
Details available
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the bitmapDPI attribute of PrintParams objects. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5437.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T03:51:48.896Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-1173 |
vulnerable | 2026-06-08 05:11:17.106366 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the XFA borderColor attribute. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5436.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T03:51:48.931Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-17624 |
vulnerable | 2026-06-08 05:11:06.581809 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of OCG objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6435.
Published: 2018-10-29T22:00:00.000Z
Updated: 2024-08-05T10:54:10.296Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-17623 |
vulnerable | 2026-06-08 05:11:06.581067 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Link objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6434.
Published: 2018-10-29T22:00:00.000Z
Updated: 2024-08-05T10:54:10.293Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-17622 |
vulnerable | 2026-06-08 05:11:06.580605 |
Details available
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Calculate events. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6354.
Published: 2018-10-29T22:00:00.000Z
Updated: 2024-08-05T10:54:10.313Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-17621 |
vulnerable | 2026-06-08 05:11:06.580263 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Format events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6355.
Published: 2018-10-29T22:00:00.000Z
Updated: 2024-08-05T10:54:10.217Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-17620 |
vulnerable | 2026-06-08 05:11:06.579903 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Calculate events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6353.
Published: 2018-10-29T22:00:00.000Z
Updated: 2024-08-05T10:54:10.498Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-17619 |
vulnerable | 2026-06-08 05:11:06.579443 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Validate events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6352.
Published: 2018-10-29T22:00:00.000Z
Updated: 2024-08-05T10:54:10.425Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-17618 |
vulnerable | 2026-06-08 05:11:06.578910 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Selection Change events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6336.
Published: 2018-10-29T22:00:00.000Z
Updated: 2024-08-05T10:54:10.647Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-17617 |
vulnerable | 2026-06-08 05:11:06.578491 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of onFocus events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6335.
Published: 2018-10-29T22:00:00.000Z
Updated: 2024-08-05T10:54:10.246Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-17616 |
vulnerable | 2026-06-08 05:11:06.578106 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of onBlur events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6334.
Published: 2018-10-29T22:00:00.000Z
Updated: 2024-08-05T10:54:10.228Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-17615 |
vulnerable | 2026-06-08 05:11:06.577528 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Mouse Exit events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6333.
Published: 2018-10-29T22:00:00.000Z
Updated: 2024-08-05T10:54:10.246Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-14317 |
vulnerable | 2026-06-08 05:10:52.758348 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6683.
Published: 2018-08-30T12:00:00.000Z
Updated: 2024-08-05T09:21:41.646Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-14316 |
vulnerable | 2026-06-08 05:10:52.758001 |
Details available
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of PDF documents. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6351.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T09:21:41.545Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-14315 |
vulnerable | 2026-06-08 05:10:52.757650 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of annotations. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6328.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T09:21:41.619Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-14314 |
vulnerable | 2026-06-08 05:10:52.757292 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of annotations. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6327.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T09:21:41.587Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-14313 |
vulnerable | 2026-06-08 05:10:52.756716 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6362.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T09:21:41.611Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-14312 |
vulnerable | 2026-06-08 05:10:52.756219 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the exportAsFDF function. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6332.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T09:21:41.607Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-14310 |
vulnerable | 2026-06-08 05:10:52.749355 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6330.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T09:21:41.592Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-14309 |
vulnerable | 2026-06-08 05:10:52.748908 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the SeedValue Generic Object parameter provided to the signatureSetSeedValue function. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6329.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T09:21:41.612Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-14308 |
vulnerable | 2026-06-08 05:10:52.748552 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the valueAsString function. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6326.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T09:21:41.496Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-14307 |
vulnerable | 2026-06-08 05:10:52.748220 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Link objects. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6267.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T09:21:41.605Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-14306 |
vulnerable | 2026-06-08 05:10:52.747778 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of button objects. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6266.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T09:21:41.606Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-14305 |
vulnerable | 2026-06-08 05:10:52.747327 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of PolyLine annotations. By manipulating a document's elements an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6265.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T09:21:41.617Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-14304 |
vulnerable | 2026-06-08 05:10:52.746870 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Text annotations. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6220.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T09:21:41.593Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-14303 |
vulnerable | 2026-06-08 05:10:52.746427 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of StrikeOut annotations. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6219.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T09:21:41.568Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-14302 |
vulnerable | 2026-06-08 05:10:52.745972 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Square annotations. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6218.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T09:21:41.611Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-14301 |
vulnerable | 2026-06-08 05:10:52.745627 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Sound annotations. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6217.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T09:21:41.552Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-14299 |
vulnerable | 2026-06-08 05:10:52.744823 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Line annotations. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6215.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T09:21:41.661Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-14298 |
vulnerable | 2026-06-08 05:10:52.744344 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Ink annotations. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6214.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T09:21:41.523Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-14297 |
vulnerable | 2026-06-08 05:10:52.743968 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of FreeText annotations. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6213.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T09:21:41.432Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-14296 |
vulnerable | 2026-06-08 05:10:52.743468 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Circle annotations. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6212.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T09:21:41.467Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-14294 |
vulnerable | 2026-06-08 05:10:52.723308 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of FileAttachment annotations. By manipulating a document's elements an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6211.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T09:21:41.539Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-14293 |
vulnerable | 2026-06-08 05:10:52.722963 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF documents. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6233.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T09:21:41.499Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-14292 |
vulnerable | 2026-06-08 05:10:52.722609 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF documents. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6232.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T09:21:41.471Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-14291 |
vulnerable | 2026-06-08 05:10:52.722271 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF documents. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6231.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T09:21:41.514Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-14290 |
vulnerable | 2026-06-08 05:10:52.721714 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF documents. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6222.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T09:21:41.448Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-14289 |
vulnerable | 2026-06-08 05:10:52.721366 |
Details available
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF documents. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-6221.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T09:21:41.424Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-14288 |
vulnerable | 2026-06-08 05:10:52.720985 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of arguments passed to the setFocus function. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5642.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T09:21:41.411Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-14287 |
vulnerable | 2026-06-08 05:10:52.720632 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of arguments passed to the instanceManager.nodes.append function. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5641.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T09:21:41.470Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-14286 |
vulnerable | 2026-06-08 05:10:52.720169 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of arguments passed to the mailDoc function. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5770.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T09:21:41.549Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-14285 |
vulnerable | 2026-06-08 05:10:52.719788 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the oneOfChild attribute. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5774.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T09:21:41.608Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-14284 |
vulnerable | 2026-06-08 05:10:52.719319 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the newDoc function. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5773.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T09:21:41.511Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-14283 |
vulnerable | 2026-06-08 05:10:52.718605 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the highlightMode attribute. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5771.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T09:21:41.546Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-14282 |
vulnerable | 2026-06-08 05:10:52.718227 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of FlateDecode streams. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5763.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T09:21:41.542Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-14281 |
vulnerable | 2026-06-08 05:10:52.717783 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the exportData XFA function. The issue results from the lack of proper validation of user-supplied data, which can lead to writing arbitrary files into attacker controlled locations. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5757.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T09:21:41.550Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-14280 |
vulnerable | 2026-06-08 05:10:52.717167 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the exportAsFDF XFA function. The issue results from the lack of proper validation of user-supplied data, which can lead to writing arbitrary files into attacker controlled locations. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5619.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T09:21:41.517Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-14279 |
vulnerable | 2026-06-08 05:10:52.716631 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the resetForm method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6060.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T09:21:41.480Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-14278 |
vulnerable | 2026-06-08 05:10:52.716282 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getPageNumWords method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6058.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T09:21:41.497Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-14277 |
vulnerable | 2026-06-08 05:10:52.715835 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the mailDoc method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6059.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T09:21:41.383Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-14276 |
vulnerable | 2026-06-08 05:10:52.715372 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the submitForm method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6039.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T09:21:41.241Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-14275 |
vulnerable | 2026-06-08 05:10:52.714849 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the spawnPageFromTemplate method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6038.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T09:21:41.501Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-14274 |
vulnerable | 2026-06-08 05:10:52.714394 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the scroll method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6037.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T09:21:41.327Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-14273 |
vulnerable | 2026-06-08 05:10:52.713941 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeTemplate method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6036.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T09:21:41.453Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-14272 |
vulnerable | 2026-06-08 05:10:52.713403 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeIcon method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6035.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T09:21:41.398Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-14271 |
vulnerable | 2026-06-08 05:10:52.712971 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6034.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T09:21:41.416Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-14270 |
vulnerable | 2026-06-08 05:10:52.712518 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeDataObject method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6033.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T09:21:41.257Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-14269 |
vulnerable | 2026-06-08 05:10:52.712070 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the print method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6032.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T09:21:41.245Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-14268 |
vulnerable | 2026-06-08 05:10:52.711600 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the mailForm method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6031.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T09:21:41.543Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-14267 |
vulnerable | 2026-06-08 05:10:52.711042 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the importTextData method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6030.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T09:21:41.308Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-14266 |
vulnerable | 2026-06-08 05:10:52.710672 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the importDataObject method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6029.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T09:21:41.270Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-14265 |
vulnerable | 2026-06-08 05:10:52.710233 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the importAnXFDX method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6028.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T09:21:41.419Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-14264 |
vulnerable | 2026-06-08 05:10:52.709778 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the importAnFDF method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6027.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T09:21:41.323Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-14263 |
vulnerable | 2026-06-08 05:10:52.709423 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getVersionID method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6026.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T09:21:41.238Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-14262 |
vulnerable | 2026-06-08 05:10:52.709058 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getURL method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6025.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T09:21:41.280Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-14261 |
vulnerable | 2026-06-08 05:10:52.708619 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getTemplate method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6024.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T09:21:41.298Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-14260 |
vulnerable | 2026-06-08 05:10:52.708070 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getPageRotation method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6023.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T09:21:41.354Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-14259 |
vulnerable | 2026-06-08 05:10:52.707635 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getPageNthWordQuads method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6022.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T09:21:41.178Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-14258 |
vulnerable | 2026-06-08 05:10:52.707279 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getPageNthWord method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6021.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T09:21:41.378Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-14257 |
vulnerable | 2026-06-08 05:10:52.706820 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getPageBox method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6020.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T09:21:41.382Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-14256 |
vulnerable | 2026-06-08 05:10:52.706457 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getOCGs method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6019.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T09:21:41.173Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-14255 |
vulnerable | 2026-06-08 05:10:52.706004 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getNthFieldName method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6018.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T09:21:41.185Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-14254 |
vulnerable | 2026-06-08 05:10:52.705373 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getLinks method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6017.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T09:21:41.319Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-14253 |
vulnerable | 2026-06-08 05:10:52.704819 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getIcon method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6016.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T09:21:41.216Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-14252 |
vulnerable | 2026-06-08 05:10:52.704458 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getField method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6015.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T09:21:41.246Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-14251 |
vulnerable | 2026-06-08 05:10:52.703886 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getDataObject method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6014.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T09:21:41.273Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-14250 |
vulnerable | 2026-06-08 05:10:52.703324 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getAnnot method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6013.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T09:21:41.165Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-14249 |
vulnerable | 2026-06-08 05:10:52.702966 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the exportDataObject method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6012.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T09:21:41.311Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-14248 |
vulnerable | 2026-06-08 05:10:52.702607 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the exportAsXFDF method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6011.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T09:21:41.184Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-14247 |
vulnerable | 2026-06-08 05:10:52.702255 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the exportAsFDF method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6010.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T09:21:41.218Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-14246 |
vulnerable | 2026-06-08 05:10:52.701784 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the convertTocPDF method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. The attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6009.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T09:21:41.132Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-14245 |
vulnerable | 2026-06-08 05:10:52.701320 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the closeDoc method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. The attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6008.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T09:21:41.166Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-14244 |
vulnerable | 2026-06-08 05:10:52.700748 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the calculateNow method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6007.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T09:21:41.237Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-14243 |
vulnerable | 2026-06-08 05:10:52.700380 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the addPageOpenJSMessage method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. The attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6006.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T09:21:41.250Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-14242 |
vulnerable | 2026-06-08 05:10:52.699849 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the addField method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6005.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T09:21:41.223Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-14241 |
vulnerable | 2026-06-08 05:10:52.698235 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the addAnnot method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6004.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T09:21:41.215Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-11623 |
vulnerable | 2026-06-08 05:10:38.723043 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the addAdLayer method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. The attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6003.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T08:17:08.035Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-11622 |
vulnerable | 2026-06-08 05:10:38.722585 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-5873.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T08:17:07.861Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-11621 |
vulnerable | 2026-06-08 05:10:38.722084 |
Details available
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-5896.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T08:17:08.291Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-11620 |
vulnerable | 2026-06-08 05:10:38.721419 |
Details available
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-5756.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T08:17:07.853Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-11619 |
vulnerable | 2026-06-08 05:10:38.720802 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the setFocus method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5417.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T08:17:08.950Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-11618 |
vulnerable | 2026-06-08 05:10:38.720310 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the resetForm method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5416.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T08:17:08.643Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-11617 |
vulnerable | 2026-06-08 05:10:38.718217 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Format events for ComboBox fields. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5415.
Published: 2018-07-31T20:00:00.000Z
Updated: 2024-08-05T08:17:08.755Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-10495 |
vulnerable | 2026-06-08 05:10:26.699305 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF documents. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5586.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T07:39:07.717Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-10494 |
vulnerable | 2026-06-08 05:10:26.698938 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D 3DView objects. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5493.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T07:39:08.304Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-10493 |
vulnerable | 2026-06-08 05:10:26.698522 |
Details available
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the U3D Final Maximum Resolution attribute. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5426.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T07:39:08.051Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-10492 |
vulnerable | 2026-06-08 05:10:26.698191 |
Details available
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Clod Progressive Mesh Continuation structures. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5424.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T07:39:08.260Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-10491 |
vulnerable | 2026-06-08 05:10:26.697856 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Bone Weight Modifier structures. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5423.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T07:39:07.911Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-10490 |
vulnerable | 2026-06-08 05:10:26.697347 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPEG images embedded inside U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5422.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T07:39:08.327Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-10489 |
vulnerable | 2026-06-08 05:10:26.696912 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Clod Progressive Mesh Declaration structures. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5421.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T07:39:08.261Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-10488 |
vulnerable | 2026-06-08 05:10:26.696579 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Texture Width structures. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5420.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T07:39:07.999Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-10487 |
vulnerable | 2026-06-08 05:10:26.696260 |
Details available
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files embedded inside PDF documents. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5419.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T07:39:07.973Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-10486 |
vulnerable | 2026-06-08 05:10:26.695942 |
Details available
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the U3D Image Index. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5418.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T07:39:07.658Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-10485 |
vulnerable | 2026-06-08 05:10:26.695624 |
Details available
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within U3D Texture Height structures. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5412.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T07:39:07.666Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-10484 |
vulnerable | 2026-06-08 05:10:26.695290 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Node objects. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5411.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T07:39:07.975Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-10483 |
vulnerable | 2026-06-08 05:10:26.694968 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Clod Progressive Mesh objects. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5410.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T07:39:08.377Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-10482 |
vulnerable | 2026-06-08 05:10:26.694644 |
Details available
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the U3D Texture Image Format object. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5409.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T07:39:07.669Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-10481 |
vulnerable | 2026-06-08 05:10:26.694312 |
Details available
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D Texture Resource structures. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5408.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T07:39:07.682Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-10480 |
vulnerable | 2026-06-08 05:10:26.693818 |
Details available
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the U3D Node Name buffer. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5401.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T07:39:08.188Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-10479 |
vulnerable | 2026-06-08 05:10:26.691853 |
Details available
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Key Frame structures. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5399.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T07:39:07.572Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-10478 |
vulnerable | 2026-06-08 05:10:26.691420 |
Details available
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Texture Coord Dimensions objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5397.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T07:39:07.820Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-10477 |
vulnerable | 2026-06-08 05:10:26.691093 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Chain Index objects. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5396.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T07:39:08.129Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-10476 |
vulnerable | 2026-06-08 05:10:26.690756 |
Details available
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Model Node structures. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5395.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T07:39:07.966Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-10475 |
vulnerable | 2026-06-08 05:10:26.690331 |
Details available
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Light Node structures. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5394.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T07:39:07.411Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-10474 |
vulnerable | 2026-06-08 05:10:26.689863 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Shading objects. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5393.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T07:39:07.702Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-10473 |
vulnerable | 2026-06-08 05:10:26.689413 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D CLOD Base Mesh Continuation structures. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5392.
Published: 2018-05-17T15:00:00.000Z
Updated: 2024-08-05T07:39:07.412Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-16589 |
vulnerable | 2026-06-08 05:09:00.621165 |
Details available
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the yTsiz member of SIZ markers. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-4977.
Published: 2017-12-20T14:00:00.000Z
Updated: 2024-08-05T20:27:04.268Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-16588 |
vulnerable | 2026-06-08 05:09:00.620871 |
Details available
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SOT markers. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-4976.
Published: 2017-12-20T14:00:00.000Z
Updated: 2024-08-05T20:27:04.206Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-16587 |
vulnerable | 2026-06-08 05:09:00.620587 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5296.
Published: 2017-12-20T14:00:00.000Z
Updated: 2024-08-05T20:27:04.340Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-16586 |
vulnerable | 2026-06-08 05:09:00.620299 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the addAnnot method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5295.
Published: 2017-12-20T14:00:00.000Z
Updated: 2024-08-05T20:27:04.358Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-16585 |
vulnerable | 2026-06-08 05:09:00.620007 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the app.response method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5294.
Published: 2017-12-20T14:00:00.000Z
Updated: 2024-08-05T20:27:04.227Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-16584 |
vulnerable | 2026-06-08 05:09:00.619722 |
Details available
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within util.printf. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5290.
Published: 2017-12-20T14:00:00.000Z
Updated: 2024-08-05T20:27:04.310Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-16583 |
vulnerable | 2026-06-08 05:09:00.619431 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the datasets element of XFA forms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5289.
Published: 2017-12-20T14:00:00.000Z
Updated: 2024-08-05T20:27:04.356Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-16582 |
vulnerable | 2026-06-08 05:09:00.619144 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the clearItems XFA method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5288.
Published: 2017-12-20T14:00:00.000Z
Updated: 2024-08-05T20:27:04.242Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-16581 |
vulnerable | 2026-06-08 05:09:00.618864 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the author attribute of the Document object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5282.
Published: 2017-12-20T14:00:00.000Z
Updated: 2024-08-05T20:27:04.264Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-16580 |
vulnerable | 2026-06-08 05:09:00.618578 |
Details available
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ImageField node of XFA forms. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5281.
Published: 2017-12-20T14:00:00.000Z
Updated: 2024-08-05T20:27:04.314Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-16579 |
vulnerable | 2026-06-08 05:09:00.618277 |
Details available
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPEG2000 images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5244.
Published: 2017-12-20T14:00:00.000Z
Updated: 2024-08-05T20:27:04.409Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-16578 |
vulnerable | 2026-06-08 05:09:00.617978 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the picture elements within XFA forms. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5216.
Published: 2017-12-20T14:00:00.000Z
Updated: 2024-08-05T20:27:04.410Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-16577 |
vulnerable | 2026-06-08 05:09:00.617693 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the alignment attribute of Field objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5094.
Published: 2017-12-20T14:00:00.000Z
Updated: 2024-08-05T20:27:04.306Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-16576 |
vulnerable | 2026-06-08 05:09:00.617394 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within XFA's field element. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5092.
Published: 2017-12-20T14:00:00.000Z
Updated: 2024-08-05T20:27:04.178Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-16575 |
vulnerable | 2026-06-08 05:09:00.617101 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XFA's bind element. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5091.
Published: 2017-12-20T14:00:00.000Z
Updated: 2024-08-05T20:27:04.304Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-16574 |
vulnerable | 2026-06-08 05:09:00.616820 |
Details available
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of Image filters. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5079.
Published: 2017-12-20T14:00:00.000Z
Updated: 2024-08-05T20:27:04.244Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-16573 |
vulnerable | 2026-06-08 05:09:00.616522 |
Details available
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of LZWDecode filters. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5078.
Published: 2017-12-20T14:00:00.000Z
Updated: 2024-08-05T20:27:04.223Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-16572 |
vulnerable | 2026-06-08 05:09:00.616213 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within FormCalc's closeDoc method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this to execute code in the context of the current process. Was ZDI-CAN-5073.
Published: 2017-12-20T14:00:00.000Z
Updated: 2024-08-05T20:27:04.271Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-16571 |
vulnerable | 2026-06-08 05:09:00.615890 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of references to the app object from FormCalc. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this to execute code in the context of the current process. Was ZDI-CAN-5072.
Published: 2017-12-20T14:00:00.000Z
Updated: 2024-08-05T20:27:04.315Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-14837 |
vulnerable | 2026-06-08 05:08:57.484766 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the pageSpan method of XFA Layout objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this to execute code in the context of the current process. Was ZDI-CAN-5029.
Published: 2017-12-20T14:00:00.000Z
Updated: 2024-08-05T19:42:22.359Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-14836 |
vulnerable | 2026-06-08 05:08:57.480568 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the modDate attribute of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5028.
Published: 2017-12-20T14:00:00.000Z
Updated: 2024-08-05T19:42:20.605Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-14835 |
vulnerable | 2026-06-08 05:08:57.480271 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the page method of XFA Layout objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this to execute code in the context of the current process. Was ZDI-CAN-5027.
Published: 2017-12-20T14:00:00.000Z
Updated: 2024-08-05T19:42:20.584Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-14834 |
vulnerable | 2026-06-08 05:08:57.479979 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the style attribute of FileAttachment annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5026.
Published: 2017-12-20T14:00:00.000Z
Updated: 2024-08-05T19:34:40.328Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-14833 |
vulnerable | 2026-06-08 05:08:57.479692 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the style attribute of Text Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5025.
Published: 2017-12-20T14:00:00.000Z
Updated: 2024-08-05T19:34:39.927Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-14832 |
vulnerable | 2026-06-08 05:08:57.479394 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the style attribute of Caret Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5024.
Published: 2017-12-20T14:00:00.000Z
Updated: 2024-08-05T19:34:39.951Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-14831 |
vulnerable | 2026-06-08 05:08:57.478989 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the author attribute of Circle Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5023.
Published: 2017-12-20T14:00:00.000Z
Updated: 2024-08-05T19:34:39.987Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-14830 |
vulnerable | 2026-06-08 05:08:57.478700 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the setFocus method of XFAScriptObject objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this to execute code in the context of the current process. Was ZDI-CAN-5022.
Published: 2017-12-20T14:00:00.000Z
Updated: 2024-08-05T19:34:40.329Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-14829 |
vulnerable | 2026-06-08 05:08:57.478416 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the openList method of XFAScriptObject objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this to execute code in the context of the current process. Was ZDI-CAN-5021.
Published: 2017-12-20T14:00:00.000Z
Updated: 2024-08-05T19:34:40.371Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-14828 |
vulnerable | 2026-06-08 05:08:57.478129 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the w method of XFA Layout objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5020.
Published: 2017-12-20T14:00:00.000Z
Updated: 2024-08-05T19:34:40.068Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-14827 |
vulnerable | 2026-06-08 05:08:57.477844 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the append method of XFA Node objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5019.
Published: 2017-12-20T14:00:00.000Z
Updated: 2024-08-05T19:34:39.924Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-14826 |
vulnerable | 2026-06-08 05:08:57.477551 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the formNodes method of XFA Node objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5018.
Published: 2017-12-20T14:00:00.000Z
Updated: 2024-08-05T19:34:40.417Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-14825 |
vulnerable | 2026-06-08 05:08:57.477251 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the remove method of XFAScriptObject objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5017.
Published: 2017-12-20T14:00:00.000Z
Updated: 2024-08-05T19:34:39.996Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-14824 |
vulnerable | 2026-06-08 05:08:57.476958 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the insert method of XFAScriptObject objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5016.
Published: 2017-12-20T14:00:00.000Z
Updated: 2024-08-05T19:34:40.116Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-14823 |
vulnerable | 2026-06-08 05:08:57.476671 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the signer method of XFA's Signature objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-5015.
Published: 2017-12-20T14:00:00.000Z
Updated: 2024-08-05T19:34:39.996Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-14822 |
vulnerable | 2026-06-08 05:08:57.476374 |
Details available
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the xOsiz member of SIZ markers. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5014.
Published: 2017-12-20T14:00:00.000Z
Updated: 2024-08-05T19:34:39.988Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-14821 |
vulnerable | 2026-06-08 05:08:57.476071 |
Details available
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the xTsiz member of SIZ markers. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5013.
Published: 2017-12-20T14:00:00.000Z
Updated: 2024-08-05T19:34:39.995Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-14820 |
vulnerable | 2026-06-08 05:08:57.475763 |
Details available
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the tile index of the SOT marker in JPEG2000 images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5012.
Published: 2017-12-20T14:00:00.000Z
Updated: 2024-08-05T19:34:39.938Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-14819 |
vulnerable | 2026-06-08 05:08:57.475420 |
Details available
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the channel number member of the cdef box. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5011.
Published: 2017-12-20T14:00:00.000Z
Updated: 2024-08-05T19:34:40.146Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-14818 |
vulnerable | 2026-06-08 05:08:57.474452 |
Details available
This vulnerability allows remote attackers to disclose sensitive on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPEG2000 images embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-4982.
Published: 2017-12-20T14:00:00.000Z
Updated: 2024-08-05T19:34:40.146Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-10959 |
vulnerable | 2026-06-08 05:08:36.612007 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the setAction method of Link objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4981.
Published: 2017-12-20T14:00:00.000Z
Updated: 2024-08-05T17:57:56.736Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-10958 |
vulnerable | 2026-06-08 05:08:36.611702 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the value attribute of Field objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4980.
Published: 2017-12-20T14:00:00.000Z
Updated: 2024-08-05T17:50:12.857Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-10957 |
vulnerable | 2026-06-08 05:08:36.611363 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the arrowEnd attribute of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4979.
Published: 2017-12-20T14:00:00.000Z
Updated: 2024-08-05T17:50:12.838Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-10956 |
vulnerable | 2026-06-08 05:08:36.610156 |
Details available
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the tile index member of SOT markers. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-4978.
Published: 2017-12-20T14:00:00.000Z
Updated: 2024-08-05T17:50:12.860Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-10953 |
vulnerable | 2026-06-08 05:08:36.605581 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the gotoURL method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5030.
Published: 2017-10-31T19:00:00.000Z
Updated: 2024-08-05T17:50:12.853Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-10948 |
vulnerable | 2026-06-08 05:08:36.598541 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.2.1.6871. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the app.execMenuItem function. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4723.
Published: 2017-10-31T19:00:00.000Z
Updated: 2024-08-05T17:50:12.850Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-10947 |
vulnerable | 2026-06-08 05:08:36.598199 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.2.1.6871. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the print function. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4722.
Published: 2017-10-31T19:00:00.000Z
Updated: 2024-08-05T17:50:12.723Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-10946 |
vulnerable | 2026-06-08 05:08:36.595399 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.2.1.6871. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the setItem function. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4721.
Published: 2017-10-31T19:00:00.000Z
Updated: 2024-08-05T17:50:12.726Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-10945 |
vulnerable | 2026-06-08 05:08:36.595100 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the app.alert function. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4855.
Published: 2017-10-31T19:00:00.000Z
Updated: 2024-08-05T17:50:12.831Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-10944 |
vulnerable | 2026-06-08 05:08:36.594796 |
Details available
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ObjStm objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-4846.
Published: 2017-10-31T19:00:00.000Z
Updated: 2024-08-05T17:50:12.826Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-10943 |
vulnerable | 2026-06-08 05:08:36.594469 |
Details available
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-4738.
Published: 2017-10-31T19:00:00.000Z
Updated: 2024-08-05T17:50:12.853Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-10942 |
vulnerable | 2026-06-08 05:08:36.594119 |
Details available
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-4737.
Published: 2017-10-31T19:00:00.000Z
Updated: 2024-08-05T17:50:12.901Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-10941 |
vulnerable | 2026-06-08 05:08:36.591663 |
Details available
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AFParseDateEx function. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4816.
Published: 2017-10-31T19:00:00.000Z
Updated: 2024-08-05T17:50:12.793Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2013-10068 |
vulnerable | 2026-06-08 05:03:51.953137 |
Foxit Reader <= 5.4.5.0114 Plugin URL Processing Buffer Overflow
Foxit Reader versions through 5.4.5.0114, including the bundled Foxit Reader Plugin 2.2.1.530, contains a stack-based buffer overflow vulnerability in the npFoxitReaderPlugin.dll module. When a PDF file is loaded from a remote host, an overly long query string in the URL can overflow a buffer, allowing remote attackers to execute arbitrary code.
Published: 2025-08-05T20:01:26.073Z
Updated: 2026-05-25T23:40:53.462Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.