HTTP: Foxit Reader and PhantomPDF Choice Field Use After Free

This signature detects attempts to exploit a known vulnerability against Foxit Reader and PhantomPDF. A successful attack can lead to arbitrary code execution.

Extended Description

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.

Affected Products

Foxitsoftware foxit_reader

Short Name
HTTP:STC:DL:FOXIT-PTMPDF-CH-UAF
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
After CVE-2020-13557 Choice Field Foxit Free PhantomPDF Reader Use and
Release Date
04/15/2021
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3374
False Positive
Unknown
Vendors

Foxitsoftware

CVSS Score

6.8
