HTTP: Foxit Reader Use After Free

This signature detects attempt to exploit an use after free vulnerability which has been reported in Foxit Reader. A remote attacker could exploit this vulnerability by enticing a user to open a crafted PDF document. Successful exploitation could allow the attacker to execute arbitrary code in the context of the application.

Extended Description

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of typed arrays. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5380.

Affected Products

Foxitsoftware phantompdf

References

CVE: CVE-2018-9958

URL: https://www.exploit-db.com/exploits/44941/ http://www.zerodayinitiative.com/advisories/zdi-18-342/ https://www.foxitsoftware.com/support/security-bulletins.php#content-2018

Short Name

HTTP:STC:FOXITREADER-ANNOT-UAF

Severity

Major

Recommended

True

Recommended Action

Drop

HTTP: Foxit Reader Use After Free

Extended Description

Affected Products

References

Found a potential security threat?