SB2024030814 - Multiple vulnerabilities in Foxit PDF Reader and Editor for Windows

Description

This security bulletin contains information about 50 secuirty vulnerabilities.

1) Out-of-bounds read (CVE-ID: CVE-2024-30323)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a boundary condition when handling template objects. A remote attacker can trick the victim to open a specially crafted PDF file, trigger an out-of-bounds read and execute arbitrary code on the system.

2) Use-after-free (CVE-ID: CVE-2024-30322)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when handling AcroForms. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

3) Incorrect default permissions (CVE-ID: N/A)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incorrect default permissions on the folder in which the update service is executed. A local user can place a malicious DLL file into the update directory and execute arbitrary code with elevated privileges.

4) NULL pointer dereference (CVE-ID: N/A)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error when playing multimedia in PDF files. A remote attacker can trick the victim to open a specially crafted PDF file and crash the application.

5) Command Injection (CVE-ID: CVE-2024-25858)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input when processing JavaScript inside PDF files. A remote attacker can trick the victim to open a specially crafted PDF file and execute arbitrary commands with malicious parameters.

6) Type Confusion (CVE-ID: CVE-2024-30356)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a type confusion error when handling certain Annotation objects in PDF files. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a type confusion error and gain access to sensitive information.

7) Use-after-free (CVE-ID: CVE-2024-30371)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when handling AcroForms in PDF files. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

8) Out-of-bounds write (CVE-ID: CVE-2024-30355)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when handling Doc objects in AcroForms. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.

9) Out-of-bounds read (CVE-ID: CVE-2024-30353)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a boundary condition when handling Doc objects in AcroForms. A remote attacker can trick the victim to open a specially crafted PDF file, trigger an out-of-bounds read and execute arbitrary code on the system.

10) Use-after-free (CVE-ID: CVE-2024-30352)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when handling Doc objects in PDF files. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

11) Use-after-free (CVE-ID: CVE-2024-30351)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when handling Doc objects in AcroForms. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

12) Out-of-bounds read (CVE-ID: CVE-2024-30350)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when handling Annotation objects. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.

13) Out-of-bounds read (CVE-ID: CVE-2024-30347)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when parsing U3D files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.

14) Use-after-free (CVE-ID: CVE-2024-30346)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when handling Doc objects in AcroForms. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

15) Use-after-free (CVE-ID: CVE-2024-30345)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when handling Doc objects in AcroForms. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

16) Use-after-free (CVE-ID: CVE-2024-30344)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when handling AcroForms in PDF files. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

17) Use-after-free (CVE-ID: CVE-2024-30343)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when handling Annotation objects. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

18) Use-after-free (CVE-ID: CVE-2024-30342)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when handling Annotation objects. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

19) Out-of-bounds read (CVE-ID: CVE-2024-30340)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when handling Annotation objects. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.

20) Use-after-free (CVE-ID: CVE-2024-30367)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when handling AcroForms in PDF files. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

21) Out-of-bounds read (CVE-ID: CVE-2024-30364)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when parsing U3D files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.

22) Use-after-free (CVE-ID: CVE-2024-30358)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when handling AcroForms. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

23) Out-of-bounds write (CVE-ID: CVE-2024-30349)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when parsing U3D files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.

24) Out-of-bounds write (CVE-ID: CVE-2024-30348)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when parsing U3D files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.

25) Out-of-bounds read (CVE-ID: CVE-2024-30363)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when parsing U3D files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.

26) Type Confusion (CVE-ID: CVE-2024-30357)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error when handling Annotation objects in AcroForms. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

27) Use-after-free (CVE-ID: CVE-2024-30339)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when handling AcroForms in PDF files. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

28) Use-after-free (CVE-ID: CVE-2024-30333)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when handling Doc objects. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

29) Use-after-free (CVE-ID: CVE-2024-30332)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when handling Doc objects. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

30) Use-after-free (CVE-ID: CVE-2024-30331)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when handling Doc objects in AcroForms. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

31) Use-after-free (CVE-ID: CVE-2024-30330)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when handling Doc objects in AcroForms. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

32) Use-after-free (CVE-ID: CVE-2024-30329)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a use-after-free error when handling Annotation objects. A remote attacker can trick the victim to open a specially crafted PDF file and gain access to sensitive information.

33) Use-after-free (CVE-ID: CVE-2024-30328)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when handling  Doc objects in AcroForms. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

34) Use-after-free (CVE-ID: CVE-2024-30327)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when handling template objects. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

35) Use-after-free (CVE-ID: CVE-2024-30326)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when handling Doc objects. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

36) Use-after-free (CVE-ID: CVE-2024-30325)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when handling Doc objects in AcroForms. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

37) Use-after-free (CVE-ID: CVE-2024-30324)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when handling Doc objects. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

38) Use-after-free (CVE-ID: CVE-2024-30338)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when handling Doc objects. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

39) Use-after-free (CVE-ID: CVE-2024-30337)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when handling AcroForms in PDF files. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

40) Out-of-bounds read (CVE-ID: CVE-2024-30335)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when handling Annotation objects. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.

41) Use-after-free (CVE-ID: CVE-2024-30336)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when handling Doc objects in AcroForms. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

42) Use-after-free (CVE-ID: CVE-2024-30334)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when handling Doc objects. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

43) Use-after-free (CVE-ID: CVE-2024-30365)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when handling AcroForms in PDF files. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

44) Use-after-free (CVE-ID: CVE-2024-30366)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when handling AcroForms in PDF files. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

45) Out-of-bounds read (CVE-ID: CVE-2024-30359)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a boundary condition when handling 3D objects in AcroForms. A remote attacker can trick the victim to open a specially crafted PDF file, trigger an out-of-bounds read and execute arbitrary code on the system.

46) Buffer overflow (CVE-ID: CVE-2024-30354)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when handling Doc objects in AcroForms. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

47) Out-of-bounds read (CVE-ID: CVE-2024-30341)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a boundary condition when handling Doc objects. A remote attacker can trick the victim to open a specially crafted PDF file, trigger an out-of-bounds read and execute arbitrary code on the system.

48) Use-after-free (CVE-ID: CVE-2024-30362)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when handling PDF files. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

49) Use-after-free (CVE-ID: CVE-2024-30361)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when handling AcroForms in PDF files. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

50) Use-after-free (CVE-ID: CVE-2024-30360)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when handling AcroForms in PDF files. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Remediation

Install update from vendor's website.

References

• https://www.foxitsoftware.com/support/security-bulletins.html?Security+updates+available+in+Foxit+PDF+Reader+2024.1+and+Foxit+PDF+Editor+2024.12024-03-05+00%3A00%3A00
• https://www.zerodayinitiative.com/advisories/ZDI-24-301/
• https://www.zerodayinitiative.com/advisories/ZDI-24-300/
• https://www.foxit.com/support/security-bulletins.html
• https://www.zerodayinitiative.com/advisories/ZDI-24-336/
• https://www.zerodayinitiative.com/advisories/ZDI-24-346/
• https://www.zerodayinitiative.com/advisories/ZDI-24-337/
• https://www.zerodayinitiative.com/advisories/ZDI-24-334/
• https://www.zerodayinitiative.com/advisories/ZDI-24-335/
• https://www.zerodayinitiative.com/advisories/ZDI-24-328/
• https://www.zerodayinitiative.com/advisories/ZDI-24-333/
• https://www.zerodayinitiative.com/advisories/ZDI-24-327/
• https://www.zerodayinitiative.com/advisories/ZDI-24-324/
• https://www.zerodayinitiative.com/advisories/ZDI-24-323/
• https://www.zerodayinitiative.com/advisories/ZDI-24-320/
• https://www.zerodayinitiative.com/advisories/ZDI-24-316/
• https://www.zerodayinitiative.com/advisories/ZDI-24-322/
• https://www.zerodayinitiative.com/advisories/ZDI-24-321/
• https://www.zerodayinitiative.com/advisories/ZDI-24-345/
• https://www.zerodayinitiative.com/advisories/ZDI-24-341/
• https://www.zerodayinitiative.com/advisories/ZDI-24-330/
• https://www.zerodayinitiative.com/advisories/ZDI-24-325/
• https://www.zerodayinitiative.com/advisories/ZDI-24-326/
• https://www.zerodayinitiative.com/advisories/ZDI-24-342/
• https://www.zerodayinitiative.com/advisories/ZDI-24-331/
• https://www.zerodayinitiative.com/advisories/ZDI-24-317/
• https://www.zerodayinitiative.com/advisories/ZDI-24-307/
• https://www.zerodayinitiative.com/advisories/ZDI-24-305/
• https://www.zerodayinitiative.com/advisories/ZDI-24-308/
• https://www.zerodayinitiative.com/advisories/ZDI-24-309/
• https://www.zerodayinitiative.com/advisories/ZDI-24-310/
• https://www.zerodayinitiative.com/advisories/ZDI-24-312/
• https://www.zerodayinitiative.com/advisories/ZDI-24-311/
• https://www.zerodayinitiative.com/advisories/ZDI-24-313/
• https://www.zerodayinitiative.com/advisories/ZDI-24-314/
• https://www.zerodayinitiative.com/advisories/ZDI-24-302/
• https://www.zerodayinitiative.com/advisories/ZDI-24-319/
• https://www.zerodayinitiative.com/advisories/ZDI-24-318/
• https://www.zerodayinitiative.com/advisories/ZDI-24-304/
• https://www.zerodayinitiative.com/advisories/ZDI-24-303/
• https://www.zerodayinitiative.com/advisories/ZDI-24-306/
• https://www.zerodayinitiative.com/advisories/ZDI-24-343/
• https://www.zerodayinitiative.com/advisories/ZDI-24-344/
• https://www.zerodayinitiative.com/advisories/ZDI-24-329/
• https://www.zerodayinitiative.com/advisories/ZDI-24-332/
• https://www.zerodayinitiative.com/advisories/ZDI-24-315/
• https://www.zerodayinitiative.com/advisories/ZDI-24-339/
• https://www.zerodayinitiative.com/advisories/ZDI-24-338/
• https://www.zerodayinitiative.com/advisories/ZDI-24-340/