Heap-based buffer overflow in Foxit WAC Server 2.1.0.910, 2.0 Build 3503, and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a Telnet request with long options.
Max CVSS
10.0
EPSS Score
28.97%
Published
2008-01-09
Updated
2018-10-15
Heap-based buffer overflow in Foxit Remote Access Server (aka WAC Server) 2.0 Build 3503 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long SSH packets, a different vulnerability than CVE-2008-0151.
Max CVSS
10.0
EPSS Score
16.63%
Published
2009-08-24
Updated
2018-10-11
Heap-based buffer overflow in Foxit Remote Access Server (aka WAC Server) 2.0 Build 3503 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long SSH packets, a different vulnerability than CVE-2008-0151.
Max CVSS
10.0
EPSS Score
1.89%
Published
2009-09-14
Updated
2018-10-11

CVE-2009-0836

Public exploit
Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506, including 1120 and 1301, does not require user confirmation before performing dangerous actions defined in a PDF file, which allows remote attackers to execute arbitrary programs and have unspecified other impact via a crafted file, as demonstrated by the "Open/Execute a file" action.
Max CVSS
10.0
EPSS Score
7.58%
Published
2009-03-10
Updated
2018-10-10
Foxit Reader before 9.2 and PhantomPDF before 9.2 have a Use-After-Free that leads to Remote Code Execution, aka V-88f4smlocs.
Max CVSS
9.8
EPSS Score
0.39%
Published
2018-07-20
Updated
2018-09-17
Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects.
Max CVSS
9.8
EPSS Score
0.39%
Published
2018-09-28
Updated
2018-11-14
Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects.
Max CVSS
9.8
EPSS Score
0.39%
Published
2018-09-28
Updated
2018-11-14
Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects.
Max CVSS
9.8
EPSS Score
0.39%
Published
2018-09-28
Updated
2018-11-14
Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects.
Max CVSS
9.8
EPSS Score
0.39%
Published
2018-09-28
Updated
2018-11-14
Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects.
Max CVSS
9.8
EPSS Score
0.39%
Published
2018-09-28
Updated
2018-11-14
In Foxit Quick PDF Library (all versions prior to 16.12), loading a malformed or malicious PDF containing invalid xref table pointers or invalid xref table data using the LoadFromFile, LoadFromString, LoadFromStream, DAOpenFile or DAOpenFileReadOnly functions may result in an access violation caused by out-of-bounds memory access.
Max CVSS
9.8
EPSS Score
0.25%
Published
2018-12-24
Updated
2019-10-09
An issue was discovered in Foxit PhantomPDF before 8.3.6. It allows Remote Code Execution via a GoToE or GoToR action.
Max CVSS
9.8
EPSS Score
0.61%
Published
2020-06-04
Updated
2020-06-09
An issue was discovered in Foxit PhantomPDF before 8.3.6. It allows arbitrary application execution via an embedded executable file in a PDF portfolio, aka FG-VD-18-029.
Max CVSS
9.8
EPSS Score
0.37%
Published
2020-06-04
Updated
2020-06-09
An issue was discovered in Foxit PhantomPDF before 8.3.10. The application could be exposed to Heap Corruption due to data desynchrony when adding AcroForm.
Max CVSS
9.8
EPSS Score
0.20%
Published
2019-07-21
Updated
2020-08-24
An issue was discovered in the 3D Plugin Beta for Foxit Reader and PhantomPDF before 9.7.0.29430. It has an out-of-bounds write via incorrect image data.
Max CVSS
9.8
EPSS Score
0.20%
Published
2020-06-04
Updated
2020-06-10
An issue was discovered in Foxit PhantomPDF before 8.3.11. It has an out-of-bounds write when Internet Explorer is used.
Max CVSS
9.8
EPSS Score
0.20%
Published
2020-06-04
Updated
2020-06-09
An issue was discovered in Foxit PhantomPDF Mac 3.3 and Foxit Reader for Mac before 3.3. It allows stack consumption because of interaction between ICC-Based color space and Alternate color space.
Max CVSS
9.8
EPSS Score
0.20%
Published
2020-06-04
Updated
2020-06-09
An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has an out-of-bounds write when Internet Explorer is used.
Max CVSS
9.8
EPSS Score
0.20%
Published
2020-06-04
Updated
2020-06-05
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows information disclosure of a hardcoded username and password in the DocuSign plugin.
Max CVSS
9.8
EPSS Score
0.19%
Published
2020-06-04
Updated
2020-06-04
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has brute-force attack mishandling because the CAS service lacks a limit on login failures.
Max CVSS
9.8
EPSS Score
0.20%
Published
2020-06-04
Updated
2020-06-04
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. It has a use-after-free via a document that lacks a dictionary.
Max CVSS
9.8
EPSS Score
0.20%
Published
2020-06-04
Updated
2020-06-09
An issue was discovered in Foxit Reader and PhantomPDF before 10.1. There is an Opt object use-after-free related to Field::ClearItems and Field::DeleteOptions, during AcroForm JavaScript execution.
Max CVSS
9.8
EPSS Score
0.26%
Published
2020-10-02
Updated
2020-10-05
An issue was discovered in Foxit Reader and PhantomPDF before 10.1. If TslAlloc attempts to allocate thread local storage but obtains an unacceptable index value, V8 throws an exception that leads to a write access violation (and read access violation).
Max CVSS
9.8
EPSS Score
0.20%
Published
2020-10-02
Updated
2020-10-05
An issue was discovered in Foxit Reader and PhantomPDF before 10.1. In a certain Shading calculation, the number of outputs is unequal to the number of color components in a color space. This causes an out-of-bounds write.
Max CVSS
9.8
EPSS Score
0.20%
Published
2020-10-02
Updated
2020-10-05
An issue was discovered in Foxit Reader and PhantomPDF before 10.1. When there is a multiple interpretation error for /V (in the Additional Action and Field dictionaries), a use-after-free can occur with resultant remote code execution (or an information leak).
Max CVSS
9.8
EPSS Score
0.70%
Published
2020-10-02
Updated
2020-10-05
797 vulnerabilities found