SB2020042201 - Multiple vulnerabilities in Foxit Reader and PhantomPDF
Published: April 22, 2020
Description
This security bulletin contains information about 18 security vulnerabilities.
1) Information disclosure (CVE-ID: N/A)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to hardcoded credentials being used during an HTTP request in the DocuSign plugin. A remote attacker can intercept network traffic and gain access to sensitive information.
2) Improper control of interaction frequency (CVE-ID: N/A)
The vulnerability allows a remote attacker to perform a brute-force attack.
The vulnerability exists because the CAS service allows an unlimited number of attempts to guess credentials. A remote attacker can perform a brute-force attack and gain unauthorized access to the application.
3) Use-after-free (CVE-ID: N/A)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
4) Infinite loop (CVE-ID: N/A)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an infinite loop when processing actions that contain a circular reference in PDF files. A remote attacker can consume all available system resources and cause denial of service conditions.
5) Infinite loop (CVE-ID: N/A)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an infinite loop when parsing certain PDF files that contain irregular data in the cross-reference stream or lengthy character strings in the content stream. A remote attacker can consume all available system resources and cause denial of service conditions.
6) Improper Verification of Cryptographic Signature (CVE-ID: N/A)
The vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists due to incorrect validation of signatures of PDF files. A remote attacker can bypass signature validation process and bypass implemented security restrictions.
7) Type Confusion (CVE-ID: CVE-2020-10889)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error within the handling of the DuplicatePages command of the communication API. A remote attacker can create a specially crafted PDF file, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
8) Type Confusion (CVE-ID: CVE-2020-10913)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error within the handling of the OCRAndExportToExcel command of the communication API. A remote attacker can create a specially crafted PDF file, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
9) Type Confusion (CVE-ID: CVE-2020-10912)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error within the handling of the SetFieldValue command of the communication API. A remote attacker can create a specially crafted PDF file, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
10) Type Confusion (CVE-ID: CVE-2020-10911)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error within the handling of the GetFieldValue command of the communication API. A remote attacker can create a specially crafted PDF file, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
11) Type Confusion (CVE-ID: CVE-2020-10910)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error within the handling of the RotatePage command of the communication API. A remote attacker can create a specially crafted PDF file, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
12) Type Confusion (CVE-ID: CVE-2020-10909)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error within the handling of the AddWatermark command of the communication API. A remote attacker can create a specially crafted PDF file, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
13) Type Confusion (CVE-ID: CVE-2020-10908)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error within the handling of the Export command of the communication API. A remote attacker can create a specially crafted PDF file, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
14) Type Confusion (CVE-ID: CVE-2020-10891)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error within the handling of the Save command of the communication API. A remote attacker can create a specially crafted PDF file, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
15) Use-after-free (CVE-ID: CVE-2020-10899)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the processing of XFA templates. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
16) Use-after-free (CVE-ID: CVE-2020-10900)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the processing of AcroForms. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
17) Use-after-free (CVE-ID: CVE-2020-10906)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the resetForm method. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
18) Use-after-free (CVE-ID: CVE-2020-10907)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the handling of widgets in XFA forms. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
Remediation
Install update from vendor's website.
References
- https://www.foxitsoftware.com/support/security-bulletins.php?9.7.1.29511
- https://www.zerodayinitiative.com/advisories/ZDI-20-511/
- https://www.zerodayinitiative.com/advisories/ZDI-20-520/
- https://www.zerodayinitiative.com/advisories/ZDI-20-519/
- https://www.zerodayinitiative.com/advisories/ZDI-20-518/
- https://www.zerodayinitiative.com/advisories/ZDI-20-517/
- https://www.zerodayinitiative.com/advisories/ZDI-20-516/
- https://www.zerodayinitiative.com/advisories/ZDI-20-515/
- https://www.zerodayinitiative.com/advisories/ZDI-20-514/
- https://www.zerodayinitiative.com/advisories/ZDI-20-527/
- https://www.foxitsoftware.com/support/security-bulletins.php
- https://www.zerodayinitiative.com/advisories/ZDI-20-528/
- https://www.zerodayinitiative.com/advisories/ZDI-20-534/
- https://www.zerodayinitiative.com/advisories/ZDI-20-535/