HTTP: Foxit Reader and PhantomPDF Associated File Type Confusion
This signature detects attempts to exploit a known vulnerability in Foxit Reader and PhantomPDF. A remote attacker could exploit this vulnerability by enticing a victim user to visit a malicious web page or open a crafted PDF document. Successful exploitation could allow the attacker to execute arbitrary code in the target user's security context.
Extended Description
An exploitable type confusion vulnerability exists in the way Foxit PDF Reader version 9.0.1.1049 parses files with associated file annotations. A specially crafted PDF document can lead to an object of invalid type to be dereferenced, which can potentially lead to sensitive memory disclosure, and possibly to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.
Affected Products
Foxitsoftware foxit_reader
References
CVE: CVE-2018-3843
Short Name
HTTP:STC:DL:PDF-FILETYPE-CONF
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
Associated CVE-2018-3843 Confusion File Foxit PhantomPDF Reader Type and
Release Date
06/26/2018
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Foxitsoftware
CVSS Score
6.8