Test ID: 1.3.6.1.4.1.25623.1.0.814066
Category: General
Title: Foxit PhantomPDF Remote Code Execution And Information Disclosure Vulnerabilities - Oct18 (Windows)
Summary: The host is installed with Foxit PhantomPDF and is prone to code execution and information disclosure vulnerabilities.
Description:
Summary:
The host is installed with Foxit PhantomPDF
and is prone to code execution and information disclosure vulnerabilities.

Vulnerability Insight:
The following flaws exist:

A remote user can:

- cause arbitrary code to be executed on the target user's system.

- cause the target user's application to crash.

- obtain potentially sensitive information on the target system.

- cause a use-after-free memory error by causing a dialog box to pop open repeatedly.

- cause a use-after-free memory error by using objects that have been deleted or closed.

- cause a use-after-free memory error using a control object after it has been deleted within a static XFA layout or using a wild pointer resulting from a deleted object after XFA re-layout.

- cause a use-after-free memory error when processing certain properties of Annotation objects by using freed objects.

- cause a use-after-free memory error or crash when processing PDF documents or certain properties of a PDF form.

- cause an uninitialized object information disclosure when creating ArrayBuffer and DataView objects [CVE-2018-17781].

- cause a memory corruption error when getting a pageIndex object without an initial value [CVE-2018-3992].

- cause an out-of-bounds memory read error when processing the Lower() method of an XFA object.

- trigger a type confusion error when using a null pointer without validation.

- cause an out-of-bounds memory read error and crash when parsing certain BMP images due to the access of an invalid address.

- cause an out-of-bounds memory read error when processing a PDF file that contains non-standard signatures.


Furthermore:

- An out-of-bounds memory read/write error may occur when parsing non-integer strings when converting HTML files to PDF files.

- A use-after-free memory error may occur when parsing non-integer strings when converting HTML files to PDF files.

- An out-of-bounds memory read error or use-after-free code execution error may occur when executing certain JavaScript due to the use of the document and auxiliary objects.

- The creation of ArrayBuffer and DataView objects is mishandled.

- The properties of Annotation objects are mishandled.

Vulnerability Impact:
Successful exploitation will allow remote
attackers to execute arbitrary code or cause a denial of service (use-after-free)
and disclose sensitive information.

Affected Software/OS:
Foxit PhantomPDF version before 9.3 on Windows

Solution:
Upgrade to Foxit PhantomPDF version 9.3 or later.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-references:
Common Vulnerability Exposure (CVE) ID: CVE-2018-3940
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0607
http://www.securitytracker.com/id/1041769
Common Vulnerability Exposure (CVE) ID: CVE-2018-3941
https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0608
Common Vulnerability Exposure (CVE) ID: CVE-2018-3942
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0609
Common Vulnerability Exposure (CVE) ID: CVE-2018-3943
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0610
Common Vulnerability Exposure (CVE) ID: CVE-2018-3944
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0611
Common Vulnerability Exposure (CVE) ID: CVE-2018-3945
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0612
Common Vulnerability Exposure (CVE) ID: CVE-2018-3946
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0613
Common Vulnerability Exposure (CVE) ID: CVE-2018-3957
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0628
Common Vulnerability Exposure (CVE) ID: CVE-2018-3958
Common Vulnerability Exposure (CVE) ID: CVE-2018-3962
Common Vulnerability Exposure (CVE) ID: CVE-2018-3992
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0660
Common Vulnerability Exposure (CVE) ID: CVE-2018-3993
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0661
Common Vulnerability Exposure (CVE) ID: CVE-2018-3994
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0662
Common Vulnerability Exposure (CVE) ID: CVE-2018-3995
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0663
Common Vulnerability Exposure (CVE) ID: CVE-2018-3996
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0664
Common Vulnerability Exposure (CVE) ID: CVE-2018-3997
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0665
Copyright: Copyright (C) 2018 Greenbone Networks GmbH
