SB2024100116 - Multiple vulnerabilities in Foxit PDF Reader and Editor for Windows
Published: October 1, 2024 Updated: October 21, 2024
Description
This security bulletin contains information about 22 security vulnerabilities.
1) Use-after-free (CVE-ID: CVE-2024-9255)
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error when handling PDF files. A remote attacker can trick the victim into opening a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.
2) Improper validation of integrity check value (CVE-ID: CVE-2024-41605)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because the application fails to validate the integrity of the updater when running the update service. A local user can replace the update file with a malicious one and execute arbitrary code with elevated privileges.
3) Out-of-bounds write (CVE-ID: CVE-2024-9248)
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
4) Out-of-bounds write (CVE-ID: CVE-2024-9249)
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
5) Out-of-bounds write (CVE-ID: CVE-2024-9247)
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
6) Untrusted search path (CVE-ID: CVE-2024-38393)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to usage of an untrusted search path when performing an update or installing a plugin. A local user can place a malicious binary into a specific location on the system and execute arbitrary code with escalated privileges.
7) Untrusted search path (CVE-ID: CVE-2024-9244)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to usage of an untrusted search path when performing an update or installing a plugin. A local user can place a malicious binary into a specific location on the system and execute arbitrary code with escalated privileges.
8) Untrusted search path (CVE-ID: CVE-2024-9245)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to usage of an untrusted search path when performing an update or installing a plugin. A local user can place a malicious binary into a specific location on the system and execute arbitrary code with escalated privileges.
9) Use-after-free (CVE-ID: CVE-2024-9256)
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error when handling PDF files. A remote attacker can trick the victim into opening a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.
10) Use-after-free (CVE-ID: CVE-2024-9254)
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error when handling PDF files. A remote attacker can trick the victim into opening a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.
11) Use-after-free (CVE-ID: CVE-2024-28888)
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error when handling PDF files. A remote attacker can trick the victim into opening a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.
12) Use-after-free (CVE-ID: CVE-2024-9251)
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error when handling PDF files. A remote attacker can trick the victim into opening a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.
13) Use-after-free (CVE-ID: CVE-2024-9253)
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error when handling PDF files. A remote attacker can trick the victim into opening a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.
14) Use-after-free (CVE-ID: CVE-2024-9252)
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error when handling PDF files. A remote attacker can trick the victim into opening a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.
15) Use-after-free (CVE-ID: CVE-2024-9250)
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error when handling PDF files. A remote attacker can trick the victim into opening a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.
16) Use-after-free (CVE-ID: CVE-2024-9246)
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error when handling PDF files. A remote attacker can trick the victim into opening a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.
17) Use-after-free (CVE-ID: CVE-2024-9243)
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error when handling PDF files. A remote attacker can trick the victim into opening a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.
18) Use-after-free (CVE-ID: CVE-2024-7725)
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error when handling PDF files. A remote attacker can trick the victim into opening a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.
19) Use-after-free (CVE-ID: CVE-2024-7724)
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error when handling PDF files. A remote attacker can trick the victim into opening a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.
20) Use-after-free (CVE-ID: CVE-2024-7723)
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error when handling PDF files. A remote attacker can trick the victim into opening a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.
21) Use-after-free (CVE-ID: CVE-2024-7722)
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error when handling PDF files. A remote attacker can trick the victim into opening a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.
22) NULL pointer dereference (CVE-ID: N/A)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error when handling PDF files. A remote attacker can trick the victim into opening a specially crafted file and crash the application.
Remediation
Install the update from the vendor's website.
References
- https://www.foxitsoftware.com/support/security-bulletins.html
- https://www.zerodayinitiative.com/advisories/ZDI-24-1308/
- https://www.zerodayinitiative.com/advisories/ZDI-24-1302/
- https://www.zerodayinitiative.com/advisories/ZDI-24-1301/
- https://www.zerodayinitiative.com/advisories/ZDI-24-1300/
- https://www.zerodayinitiative.com/advisories/ZDI-24-1298/
- https://www.zerodayinitiative.com/advisories/ZDI-24-1297/
- https://www.zerodayinitiative.com/advisories/ZDI-24-1309/
- https://www.zerodayinitiative.com/advisories/ZDI-24-1307/
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1967
- https://www.zerodayinitiative.com/advisories/ZDI-24-1306/
- https://www.zerodayinitiative.com/advisories/ZDI-24-1305/
- https://www.zerodayinitiative.com/advisories/ZDI-24-1304/
- https://www.zerodayinitiative.com/advisories/ZDI-24-1303/
- https://www.zerodayinitiative.com/advisories/ZDI-24-1299/
- https://www.zerodayinitiative.com/advisories/ZDI-24-1296/