#VU12824 Type confusion in Foxit PDF Editor (formerly Foxit PhantomPDF)

Cybersecurity Help s.r.o.

Published: 2018-05-18

Vulnerability identifier: #VU12824

Vulnerability risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: N/A

CWE-ID: CWE-843

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Foxit PDF Editor (formerly Foxit PhantomPDF)
Client/Desktop applications / Office applications

Vendor: Foxit Software Inc.

Description
The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.

The weakness exists due to type confusion when executing certain XFA functions in crafted PDF files since the application can transform non-CXFA_Object to CXFA_Object without judging the data type and use the discrepant CXFA_Object to get layout object directly. A remote attacker can cause the service to crash or execute arbitrary code on the target system.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation
Update to version 8.3.6.

Vulnerable software versions

Foxit PDF Editor (formerly Foxit PhantomPDF): 8.3.5 - 8.3.5.30351

External links
https://www.foxitsoftware.com/support/security-bulletins.php

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Foxit Reader and PhantomPDF