HTTP: Foxit Reader Annotations noteIcon Use After Free
This signature detects attempt to exploit a use after free vulnerability which has been reported in Foxit Reader. A remote attacker could exploit this vulnerability by enticing a user to open a crafted PDF document. Successful exploitation could allow the attacker to execute arbitrary code in the context of the application.
Extended Description
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Text annotations. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6220.
References
CVE: CVE-2018-14304
Short Name
HTTP:STC:FOXIT-NOTELCON-UAF
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
After Annotations CVE-2018-14304 Foxit Free Reader Use noteIcon
Release Date
09/25/2018
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3415
False Positive
Unknown
CVSS Score
6.8