Security bulletins

A prompt response to software defects and security vulnerabilities has been, and will continue to be, a top priority for everyone here at Foxit Software. Even though threats are a fact of life, we are proud to support the most robust PDF solutions on the market. Here is information on some enhancements that make our software even more robust.

Please click here to report a potential security vulnerability.

Security update available in 3D Plugin 8.3.8.1122

Release date: November 23, 2018

Platform: Windows

Summary

Foxit has released 3D Plugin 8.3.8.1122 for PhantomPDF, which addresses potential security and stability issues.

Affected versions

Product

Affected versions

Platform

3D Plugin

8.3.8.39677 and earlier

Windows

Solution

Update the 3D Plugin to the latest versions by following one of the instructions below.

  • From the “Help” tab of Foxit PhantomPDF, click on “Check for Updates” and update 3D Plugin to the latest version.
  • Click here to download the updated version of 3D Plugin for PhantomPDF from our website.

Vulnerability details

Brief

Acknowledgement

Addressed potential issues where the application could be exposed to Out-of-Bounds Read Information Disclosure vulnerability and crash if users were using 3D Plugin. This occurs due to the use the null pointer or pointer access violation in U3D engine during U3D parsing (CVE-2018-18933/CVE-2018-19341/CVE-2018-19345/CVE-2018-19344).

Asprose of Chengdu University of Information Technology

Addressed potential issues where the application could be exposed to Out-of-Bounds Read Information Disclosure vulnerability and crash if users were using 3D Plugin. This occurs due to JPEG parsing error in IFXCore of the U3D engine during U3D parsing. (CVE-2018-19348/CVE-2018-19346/CVE-2018-19347).

Asprose of Chengdu University of Information Technology

Addressed potential issues where the application could be exposed to Out-of-Bounds Read Information Disclosure vulnerability and crash if users were using 3D Plugin. This is caused by the array access violation in IFXCore of the U3D engine (CVE-2018-19342).

Asprose of Chengdu University of Information Technology

Addressed a potential issue where the application could be exposed to Out-of-Bounds Read Information Disclosure vulnerability and crash if users were using 3D Plugin due to the incorrect logic in IFXCore of the U3D engine (CVE-2018-19343).

Asprose of Chengdu University of Information Technology

For more information, please contact the Foxit Security Response Team at security-ml@foxitsoftware.com.

Security update available in 3D Plugin 9.3.0.10830

Release date: November 23, 2018

Platform: Windows

Summary

Foxit has released 3D Plugin 9.3.0.10830 for Foxit Reader and PhantomPDF, which addresses potential security and stability issues.

Affected versions

Product

Affected versions

Platform

3D Plugin

9.3.0.10809 and earlier

Windows

Solution

Update the 3D Plugin to the latest versions by following one of the instructions below.

  • From the “Help” tab of Foxit Reader or Foxit PhantomPDF, click on “Check for Updates” and update 3D Plugin to the latest version.
  • Click here to download the updated version of 3D Plugin for Foxit Reader or PhantomPDF from our website.

Vulnerability details

Brief

Acknowledgement

Addressed potential issues where the application could be exposed to Out-of-Bounds Read Information Disclosure vulnerability and crash if users were using 3D Plugin. This occurs due to the use the null pointer or pointer access violation in U3D engine during U3D parsing (CVE-2018-18933/CVE-2018-19341/CVE-2018-19345/CVE-2018-19344).

Asprose of Chengdu University of Information Technology

Addressed potential issues where the application could be exposed to Out-of-Bounds Read Information Disclosure vulnerability and crash if users were using 3D Plugin. This occurs due to JPEG parsing error in IFXCore of the U3D engine during U3D parsing. (CVE-2018-19348/CVE-2018-19346/CVE-2018-19347).

Asprose of Chengdu University of Information Technology

Addressed potential issues where the application could be exposed to Out-of-Bounds Read Information Disclosure vulnerability and crash if users were using 3D Plugin. This is caused by the array access violation in IFXCore of the U3D engine (CVE-2018-19342).

Asprose of Chengdu University of Information Technology

Addressed a potential issue where the application could be exposed to Out-of-Bounds Read Information Disclosure vulnerability and crash if users were using 3D Plugin due to the incorrect logic in IFXCore of the U3D engine (CVE-2018-19343).

Asprose of Chengdu University of Information Technology

For more information, please contact the Foxit Security Response Team at security-ml@foxitsoftware.com.

Security updates available in Foxit PhantomPDF 8.3.8

Release date: November 2, 2018

Platform: Windows

Summary

Foxit has released Foxit PhantomPDF 8.3.8, which address potential security and stability issues.

Affected versions

Product

Affected versions

Platform

Foxit PhantomPDF

8.3.7.38093 and earlier

Windows

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” tab of Foxit PhantomPDF, click on “Check for Updates” and update to the latest version.
  • Click here to download the updated version of Foxit PhantomPDF from our website.

Vulnerability details

Brief

Acknowledgement

Addressed potential issues where the application could be exposed to Out-of-Bounds Access/Write/Read or Use-After-Free vulnerability and crash when parsing non-integer strings during the conversion of HTML files to PDFs, which could be exploited by attackers to execute remote code (ZDI-CAN-6230/ZDI-CAN-7128/ZDI-CAN-7129/ZDI-CAN-7130/ZDI-CAN-7131/ZDI-CAN-7132).

bit - MeePwn team working with Trend Micro's Zero Day Initiative
Anonymous working with Trend Micro's Zero Day Initiative

Addressed potential issues where the application could be exposed to Use-After-Free Remote Code Execution or Out-of-Bounds Read Information Disclosure vulnerability and crash. This occurs when executing certain JavaScript due to the use of document and its auxiliary objects which have been closed after calling closeDoc function (ZDI-CAN-6333/ZDI-CAN-6334/ZDI-CAN-6335/ZDI-CAN-6336/ZDI-CAN-6352/ZDI-CAN-6353/ZDI-CAN-6355/ZDI-CAN-6434/ZDI-CAN-6435/ZDI-CAN-6435/ZDI-CAN-6354/CVE-2018-3940/CVE-2018-3941/CVE-2018-3942/CVE-2018-3943/CVE-2018-3944/CVE-2018-3945/CVE-2018-3946/CVE-2018-3957/CVE-2018-3962/CVE-2018-3958/CVE-2018-3959/CVE-2018-3960/CVE-2018-3961/CVE-2018-3964/CVE-2018-3965/CVE-2018-3966/CVE-2018-3967/ZDI-CAN-6439/ZDI-CAN-6455/ZDI-CAN-6471/ZDI-CAN-6472/ZDI-CAN-6473/ZDI-CAN-6474/ZDI-CAN-6475/ZDI-CAN-6477/ZDI-CAN-6478/ZDI-CAN-6479/ZDI-CAN-6480/ZDI-CAN-6481/ZDI-CAN-6482/ZDI-CAN-6483/ZDI-CAN-6484/ZDI-CAN-6485/ZDI-CAN-6486/ZDI-CAN-6487/ZDI-CAN-6501/ZDI-CAN-6502/ZDI-CAN-6503/ZDI-CAN-6504/ZDI-CAN-6505/ZDI-CAN-6506/ZDI-CAN-6507/ZDI-CAN-6509/ZDI-CAN-6511/ ZDI-CAN-6512/ZDI-CAN-6513/ZDI-CAN-6514/ZDI-CAN-6517/ZDI-CAN-6518/ZDI-CAN-6519/ZDI-CAN-6520/ZDI-CAN-6521/ZDI-CAN-6522/ZDI-CAN-6523/ZDI-CAN-6524/ ZDI-CAN-6817/ZDI-CAN-6848/ZDI-CAN-6849/ZDI-CAN-6850/ZDI-CAN-6851/ZDI-CAN-6915/ZDI-CAN-7141/ZDI-CAN-7163/ZDI-CAN-6470/ZDI-CAN-7103/ZDI-CAN-7138/ZDI-CAN-7169/ZDI-CAN-7170/CVE-2018-3993/CVE-2018-3994/CVE-2018-3995/CVE-2018-3996/CVE-2018-3997/ZDI-CAN-7067/CVE-2018-16291/CVE-2018-16293/CVE-2018-16295/CVE-2018-16296/CVE-2018-16297/CVE-2018-16294/CVE-2018-16292/ZDI-CAN-7253/ZDI-CAN-7252/ZDI-CAN-7254/ZDI-CAN-7255).

Steven Seeley (mr_me) of Source Incite working with Trend Micro's Zero Day Initiative
Aleksandar Nikolic of Cisco Talos
Esteban Ruiz (mr_me) of Source Incite working with Trend Micro's Zero Day Initiative
Anonymous working with Trend Micro's Zero Day Initiative
Abago Forgans working with Trend Micro's Zero Day Initiative
Mat Powell of Trend Micro Zero Day Initiative
Kamlapati Choubey working with Trend Micro's Zero Day Initiative
ManchurianClassmate from 360 Yunying Labs

Addressed potential issues where the application could be exposed to Use-After-Free Remote Code Execution vulnerability when opening a malicious file. This occurs because a dialog box pops up repeatedly, which prevents the application to be closed (ZDI-CAN-6438/ZDI-CAN-6458).

Esteban Ruiz (mr_me) of Source Incite working with Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could be exposed to Use-After-Free Remote Code Execution vulnerability due to the use of objects which have been deleted or closed (ZDI-CAN-6614/ZDI-CAN-6616).

Anonymous working with Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could be exposed to Use-After-Free Remote Code Execution vulnerability and crash. This occurs due to the use of a control object after is has been deleted within static XFA layout, or the access of a wild pointer resulting from a deleted object after XFA re-layout (ZDI-CAN-6500/ZDI-CAN-6700).

Anonymous working with Trend Micro's Zero Day Initiative

Addressed potential issues where the application could be exposed to Use-After-Free Remote Code Execution vulnerability when handing certain properties of Annotation objects due to the use of freed objects (ZDI-CAN-6498/ZDI-CAN-6499/ZDI-CAN-6820/ZDI-CAN-6845/ ZDI-CAN-7157).

Kamlapati Choubey of Trend Micro Security Research working with Trend Micro's Zero Day Initiative
Sooraj K S (@soorajks)
Anonymous working with Trend Micro's Zero Day Initiative

Addressed potential issues where the application could be exposed to Use-After-Free Remote Code Execution vulnerability and crash when processing malicious PDF documents or certain properties of a PDF form. This occurs because the application continues to set value for the field object after it has been removed (ZDI-CAN-6890/ZDI-CAN-7068/ZDI-CAN-7069/ZDI-CAN-7070/ZDI-CAN-7145).

Anonymous working with Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could be exposed to Uninitialized Object Information Disclosure vulnerability since there exists an uninitialized object when creating ArrayBuffer and DataView objects (CVE-2018-17781).

Steven Seeley (mr_me) of Source Incite working with iDefense Labs

Addressed a potential issue where the application could be exposed to Memory Corruption vulnerability when getting pageIndex object without an initial value (CVE-2018-3992).

Abago Forgans
Aleksandar Nikolic of Cisco Talos

Addressed a potential issue where the application could be exposed to Out-of-Bounds Read Information Disclosure vulnerability when processing the Lower () method of a XFA object due to the abnormal data access resulting from the different definition of object character length in WideString and ByteString (ZDI-CAN-6617).

Anonymous working with Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could be exposed to Type Confusion Remote Code Execution vulnerability due to the use of a null pointer without validation (ZDI-CAN-6819).

Anonymous working with Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could be exposed to Out-of-Bounds Read information Disclosure vulnerability and crash when parsing certain BMP images due to the access of invalid address (ZDI-CAN-6844).

kdot working with Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could be exposed to Out-of-Bounds Read Information Disclosure vulnerability when processing a PDF file which contains non-standard signatures. This issue results from the lack of proper validation when getting null value within the obtaining of signature information using OpenSSL as the written signature information is incorrect (ZDI-CAN-7073).

Sebastian Feldmann from GoSecure working with Trend Micro's Zero Day Initiative

For more information, please contact the Foxit Security Response Team at security-ml@foxitsoftware.com.

Security updates available in Foxit Reader 9.3 and Foxit PhantomPDF 9.3

Release date: September 28, 2018

Platform: Windows

Summary

Foxit has released Foxit Reader 9.3 and Foxit PhantomPDF 9.3, which address potential security and stability issues.

Affected versions

Product

Affected versions

Platform

Foxit Reader

9.2.0.9297 and earlier

Windows

Foxit PhantomPDF

9.2.0.9297 and earlier

Windows

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” tab of Foxit Reader or Foxit PhantomPDF, click on “Check for Updates” and update to the latest version.
  • Click here to download the updated version of Foxit Reader from our website.
  • Click here to download the updated version of Foxit PhantomPDF from our website.

Vulnerability details

Brief

Acknowledgement

Addressed potential issues where the application could be exposed to Out-of-Bounds Access/Write/Read or Use-After-Free vulnerability and crash when parsing non-integer strings during the conversion of HTML files to PDFs, which could be exploited by attackers to execute remote code (ZDI-CAN-6230/ZDI-CAN-7128/ZDI-CAN-7129/ZDI-CAN-7130/ZDI-CAN-7131/ZDI-CAN-7132).

bit - MeePwn team working with Trend Micro's Zero Day Initiative
Anonymous working with Trend Micro's Zero Day Initiative

Addressed potential issues where the application could be exposed to Use-After-Free Remote Code Execution or Out-of-Bounds Read Information Disclosure vulnerability and crash. This occurs when executing certain JavaScript due to the use of document and its auxiliary objects which have been closed after calling closeDoc function (ZDI-CAN-6333/ZDI-CAN-6334/ZDI-CAN-6335/ZDI-CAN-6336/ZDI-CAN-6352/ZDI-CAN-6353/ZDI-CAN-6355/ZDI-CAN-6434/ZDI-CAN-6435/ZDI-CAN-6435/ZDI-CAN-6354/CVE-2018-3940/CVE-2018-3941/CVE-2018-3942/CVE-2018-3943/CVE-2018-3944/CVE-2018-3945/CVE-2018-3946/CVE-2018-3957/CVE-2018-3962/CVE-2018-3958/CVE-2018-3959/CVE-2018-3960/CVE-2018-3961/CVE-2018-3964/CVE-2018-3965/CVE-2018-3966/CVE-2018-3967/ZDI-CAN-6439/ZDI-CAN-6455/ZDI-CAN-6471/ZDI-CAN-6472/ZDI-CAN-6473/ZDI-CAN-6474/ZDI-CAN-6475/ZDI-CAN-6477/ZDI-CAN-6478/ZDI-CAN-6479/ZDI-CAN-6480/ZDI-CAN-6481/ZDI-CAN-6482/ZDI-CAN-6483/ZDI-CAN-6484/ZDI-CAN-6485/ZDI-CAN-6486/ZDI-CAN-6487/ZDI-CAN-6501/ZDI-CAN-6502/ZDI-CAN-6503/ZDI-CAN-6504/ZDI-CAN-6505/ZDI-CAN-6506/ZDI-CAN-6507/ZDI-CAN-6509/ZDI-CAN-6511/ ZDI-CAN-6512/ZDI-CAN-6513/ZDI-CAN-6514/ZDI-CAN-6517/ZDI-CAN-6518/ZDI-CAN-6519/ZDI-CAN-6520/ZDI-CAN-6521/ZDI-CAN-6522/ZDI-CAN-6523/ZDI-CAN-6524/ ZDI-CAN-6817/ZDI-CAN-6848/ZDI-CAN-6849/ZDI-CAN-6850/ZDI-CAN-6851/ZDI-CAN-6915/ZDI-CAN-7141/ZDI-CAN-7163/ZDI-CAN-6470/ZDI-CAN-7103/ZDI-CAN-7138/ZDI-CAN-7169/ZDI-CAN-7170/CVE-2018-3993/CVE-2018-3994/CVE-2018-3995/CVE-2018-3996/CVE-2018-3997/ZDI-CAN-7067/CVE-2018-16291/CVE-2018-16293/CVE-2018-16295/CVE-2018-16296/CVE-2018-16297/CVE-2018-16294/CVE-2018-16292/ZDI-CAN-7253/ZDI-CAN-7252/ZDI-CAN-7254/ZDI-CAN-7255).

Steven Seeley (mr_me) of Source Incite working with Trend Micro's Zero Day Initiative
Aleksandar Nikolic of Cisco Talos
Esteban Ruiz (mr_me) of Source Incite working with Trend Micro's Zero Day Initiative
Anonymous working with Trend Micro's Zero Day Initiative
Abago Forgans working with Trend Micro's Zero Day Initiative
Mat Powell of Trend Micro Zero Day Initiative
Kamlapati Choubey working with Trend Micro's Zero Day Initiative
ManchurianClassmate from 360 Yunying Labs

Addressed potential issues where the application could be exposed to Use-After-Free Remote Code Execution vulnerability when opening a malicious file. This occurs because a dialog box pops up repeatedly, which prevents the application to be closed (ZDI-CAN-6438/ZDI-CAN-6458).

Esteban Ruiz (mr_me) of Source Incite working with Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could be exposed to Use-After-Free Remote Code Execution vulnerability due to the use of objects which have been deleted or closed (ZDI-CAN-6614/ZDI-CAN-6616).

Anonymous working with Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could be exposed to Use-After-Free Remote Code Execution vulnerability and crash. This occurs due to the use of a control object after is has been deleted within static XFA layout, or the access of a wild pointer resulting from a deleted object after XFA re-layout (ZDI-CAN-6500/ZDI-CAN-6700).

Anonymous working with Trend Micro's Zero Day Initiative

Addressed potential issues where the application could be exposed to Use-After-Free Remote Code Execution vulnerability when handing certain properties of Annotation objects due to the use of freed objects (ZDI-CAN-6498/ZDI-CAN-6499/ZDI-CAN-6820/ZDI-CAN-6845/ ZDI-CAN-7157).

Kamlapati Choubey of Trend Micro Security Research working with Trend Micro's Zero Day Initiative
Sooraj K S (@soorajks)
Anonymous working with Trend Micro's Zero Day Initiative

Addressed potential issues where the application could be exposed to Use-After-Free Remote Code Execution vulnerability and crash when processing malicious PDF documents or certain properties of a PDF form. This occurs because the application continues to set value for the field object after it has been removed (ZDI-CAN-6890/ZDI-CAN-7068/ZDI-CAN-7069/ZDI-CAN-7070/ZDI-CAN-7145).

Anonymous working with Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could be exposed to Uninitialized Object Information Disclosure vulnerability since there exists an uninitialized object when creating ArrayBuffer and DataView objects (CVE-2018-17781).

Steven Seeley (mr_me) of Source Incite working with iDefense Labs

Addressed a potential issue where the application could be exposed to Memory Corruption vulnerability when getting pageIndex object without an initial value (CVE-2018-3992).

Abago Forgans
Aleksandar Nikolic of Cisco Talos

Addressed a potential issue where the application could be exposed to Out-of-Bounds Read Information Disclosure vulnerability when processing the Lower () method of a XFA object due to the abnormal data access resulting from the different definition of object character length in WideString and ByteString (ZDI-CAN-6617).

Anonymous working with Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could be exposed to Type Confusion Remote Code Execution vulnerability due to the use of a null pointer without validation (ZDI-CAN-6819).

Anonymous working with Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could be exposed to Out-of-Bounds Read information Disclosure vulnerability and crash when parsing certain BMP images due to the access of invalid address (ZDI-CAN-6844).

kdot working with Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could be exposed to Out-of-Bounds Read Information Disclosure vulnerability when processing a PDF file which contains non-standard signatures. This issue results from the lack of proper validation when getting null value within the obtaining of signature information using OpenSSL as the written signature information is incorrect (ZDI-CAN-7073).

Sebastian Feldmann from GoSecure working with Trend Micro's Zero Day Initiative

For more information, please contact the Foxit Security Response Team at security-ml@foxitsoftware.com.

Security update in Foxit E-mail advertising system


Vulnerability details

Brief

Acknowledgement

Addressed a potential issue where the Foxit E-mail adverting system that used Interspire Email Marketer service could be exposed to Interspire Email Marketer Remote Admin Authentication Bypass vulnerability, which could be exploited by attackers to disclose information.

Velayutham Selvaraj of TwinTech Solutions

For more information, please contact the Foxit Security Response Team at security-ml@foxitsoftware.com.

Security update available in Foxit Reader 2.4.4

Release date: September 18, 2018

Platform: Linux

Summary

Foxit has released Foxit Reader 2.4.4, which addresses a potential security and stability issue.

Affected versions

Product

Affected versions

Platform

Foxit Reader

2.4.1.0609 and earlier

Linux

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” tab of Foxit Reader, click on “Check for Updates Now” and update to the latest version.
  • Click here to download the updated version of Foxit Reader from our website.

Vulnerability details

Brief

Acknowledgement

Addressed a potential issue where the application could be exposed to Denial of Service vulnerability and crash due to null pointer access.

L5 of Qihoo 360 Vulcan Team

For more information, please contact the Foxit Security Response Team at security-ml@foxitsoftware.com.

Security updates available in Foxit PhantomPDF 8.3.7

Release date: August 16, 2018

Platform: Windows

Summary

Foxit has released Foxit PhantomPDF 8.3.7, which addresses potential security and stability issues.

Affected versions

Product

Affected versions

Platform

Foxit PhantomPDF

8.3.6.35572 and earlier

Windows

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” tab of Foxit PhantomPDF, click on “Check for Updates” and update to the latest version.
  • Click here to download the updated version of Foxit PhantomPDF from our website.

Vulnerability details

Brief

Acknowledgement

Addressed potential issues where the application could be exposed to Use-After-Free Remote Code Execution vulnerability and crash due to the use of object, pointer, or document which has been freed or closed (ZDI-CAN-5415/ZDI-CAN-5416/ZDI-CAN-5417/V-88f4smlocs/ZDI-CAN-5771/ZDI-CAN-6231/ZDI-CAN-6232/ZDI-CAN-6233/ ZDI-CAN-6211/ZDI-CAN-6212/ZDI-CAN-6213/ZDI-CAN-6327/ZDI-CAN-6328/ZDI-CAN-6214/ZDI-CAN-6215/ZDI-CAN-6216/ZDI-CAN-6217/ZDI-CAN-6218/ZDI-CAN-6219/ZDI-CAN-6220/ZDI-CAN-6265/ZDI-CAN-6266/ZDI-CAN-6267/ZDI-CAN-6326/ZDI-CAN-6329/ZDI-CAN-6330/ CVE-2018-3924/CVE-2018-3939).

Anonymous working with Trend Micro's Zero Day Initiative
Sudhakar Verma and Ashfaq Ansari - Project Srishti working with iDefense Labs
nsfocus security team working with Trend Micro's Zero Day Initiative
bit - MeePwn team working with Trend Micro's Zero Day Initiative
Steven Seeley (mr_me) of Source Incite working with Trend Micro's Zero Day Initiative
Esteban Ruiz (mr_me) of Source Incite working with Trend Micro's Zero Day Initiative
Aleksandar Nikolic of Cisco Talos

Addressed potential issues where the application could be exposed to Out-of-Bounds Read/Write vulnerability when parsing or converting JPG files due to access violation on pointer, which could be exploited by attackers to disclose information or execute remote code (ZDI-CAN-5756/ZDI-CAN-5896/ZDI-CAN-5873).

soiax working with Trend Micro's Zero Day Initiative

Addressed potential issues where the application could be exposed to Type Confusion Remote Code Execution vulnerability when calling addAdLayer function since the certain object in the function is replaced (ZDI-CAN-6003/ZDI-CAN-6004/ZDI-CAN-6005/ZDI-CAN-6006/ZDI-CAN-6007/ZDI-CAN-6008/ZDI-CAN-6009/ZDI-CAN-6010/ZDI-CAN-6011/ZDI-CAN-6012/ZDI-CAN-6013/ZDI-CAN-6014/ZDI-CAN-6015/ZDI-CAN-6016/ZDI-CAN-6017/ZDI-CAN-6018/ZDI-CAN-6019/ZDI-CAN-6020/ZDI-CAN-6021/ZDI-CAN-6022/ZDI-CAN-6023/ZDI-CAN-6024/ZDI-CAN-6025/ZDI-CAN-6026/ZDI-CAN-6027/ZDI-CAN-6028/ZDI-CAN-6029/ZDI-CAN-6030/ZDI-CAN-6031/ZDI-CAN-6032/ZDI-CAN-6033/ZDI-CAN-6034/ZDI-CAN-6035/ZDI-CAN-6036/ZDI-CAN-6037/ZDI-CAN-6038/ZDI-CAN-6039/ZDI-CAN-6058/ZDI-CAN-6059/ZDI-CAN-6060/ZDI-CAN-5770/ZDI-CAN-5773).

nsfocus security team working with Trend Micro's Zero Day Initiative
TrendyTofu - Trend Micro Zero Day Initiative working with Trend Micro's Zero Day Initiative

Addressed potential issues where the application could be exposed to Arbitrary File Write vulnerability when executing exportAsFDF or exportData JavaScript since the application does not properly validate the file type to be exported, which could lead to remote code execution (ZDI-CAN-5619/ZDI-CAN-6332/ZDI-CAN-5757).

Steven Seeley (mr_me) of Source Incite working with Trend Micro's Zero Day Initiative

Addressed potential issues where the application could be exposed to Type Confusion Remote Code Execution vulnerability and crash. This occurs when executing certain JavaScript functions since the application could transform non-XFA-node to XFA-node and use the discrepant XFA-node directly (ZDI-CAN-5641/ZDI-CAN-5642/ZDI-CAN-5774/ZDI-CAN-6331).

nsfocus security team working with Trend Micro's Zero Day Initiative
Steven Seeley (mr_me) of Source Incite working with Trend Micro's Zero Day Initiative

Addressed potential issues where the application could be exposed to Uninitialized Pointer Remote Code Execution vulnerability. This occurs since the array object is transformed and used as dictionary object in the cases where inline image dictionary contains invalid dictionary end symbol and array start symbol which leads to inline image to be released and new array object to be added (ZDI-CAN-5763/ZDI-CAN-6221).

Steven Seeley (mr_me) of Source Incite working with Trend Micro's Zero Day Initiative
Anonymous working with Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could be exposed to NTLM Credentials Theft vulnerability when executing GoToE & GoToR action, which could lead to information disclosure.

Deepu

Addressed a potential issue where the application could be exposed to Heap-based Buffer Overflow Remote Code Execution vulnerability and crash due to out of bound of array when parsing a malformed PDF file (ZDI-CAN-6222).

Anonymous working with Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could be exposed to Integer Overflow Remote Code Execution vulnerability and crash since the value read from a crafted PDF file exceeds the maximum value the data type can represent (ZDI-CAN-6223).

Anonymous working with Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could be exposed to Type Confusion Remote Code Execution vulnerability since the ICCBased color space is replaced with Pattern color space when the application parses “ColorSpace” within a PDF (ZDI-CAN-6362/ZDI-CAN-6683).

Anonymous working with Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could be exposed to Out-of-Bounds Read Information Disclosure vulnerability and crash due to improper handling of process when executing GetAssociatedPageIndex function (ZDI-CAN-6351).

Anonymous working with Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could crash when executing var test = new ArrayBuffer(0xfffffffe) JavaScript due to large buffer application.

Zhiyuan Wang of Chengdu Qihoo360 Tech Co. Ltd

For more information, please contact the Foxit Security Response Team at security-ml@foxitsoftware.com.

Security updates available in Foxit Reader 9.2 and Foxit PhantomPDF 9.2

Release date: July 19, 2018

Platform: Windows

Summary

Foxit has released Foxit Reader 9.2 and Foxit PhantomPDF 9.2, which address potential security and stability issues.

Affected versions

Product

Affected versions

Platform

Foxit Reader

9.1.0.5096 and earlier

Windows

Foxit PhantomPDF

9.1.0.5096 and earlier

Windows

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” tab of Foxit Reader or Foxit PhantomPDF, click on “Check for Updates” and update to the latest version.
  • Click here to download the updated version of Foxit Reader from our website.
  • Click here to download the updated version of Foxit PhantomPDF from our website.

Vulnerability details

Brief

Acknowledgement

Addressed potential issues where the application could be exposed to Use-After-Free Remote Code Execution vulnerability and crash due to the use of object, pointer, or document which has been freed or closed (ZDI-CAN-5415/ZDI-CAN-5416/ZDI-CAN-5417/V-88f4smlocs/ZDI-CAN-5771/ZDI-CAN-6231/ZDI-CAN-6232/ZDI-CAN-6233/ ZDI-CAN-6211/ZDI-CAN-6212/ZDI-CAN-6213/ZDI-CAN-6327/ZDI-CAN-6328/ZDI-CAN-6214/ZDI-CAN-6215/ZDI-CAN-6216/ZDI-CAN-6217/ZDI-CAN-6218/ZDI-CAN-6219/ZDI-CAN-6220/ZDI-CAN-6265/ZDI-CAN-6266/ZDI-CAN-6267/ZDI-CAN-6326/ZDI-CAN-6329/ZDI-CAN-6330/ CVE-2018-3924/CVE-2018-3939).

Anonymous working with Trend Micro's Zero Day Initiative
Sudhakar Verma and Ashfaq Ansari - Project Srishti working with iDefense Labs
nsfocus security team working with Trend Micro's Zero Day Initiative
bit - MeePwn team working with Trend Micro's Zero Day Initiative
Steven Seeley (mr_me) of Source Incite working with Trend Micro's Zero Day Initiative
Esteban Ruiz (mr_me) of Source Incite working with Trend Micro's Zero Day Initiative
Aleksandar Nikolic of Cisco Talos

Addressed potential issues where the application could be exposed to Out-of-Bounds Read/Write vulnerability when parsing or converting JPG files due to access violation on pointer, which could be exploited by attackers to disclose information or execute remote code (ZDI-CAN-5756/ZDI-CAN-5896/ZDI-CAN-5873).

soiax working with Trend Micro's Zero Day Initiative

Addressed potential issues where the application could be exposed to Type Confusion Remote Code Execution vulnerability when calling addAdLayer function since the certain object in the function is replaced (ZDI-CAN-6003/ZDI-CAN-6004/ZDI-CAN-6005/ZDI-CAN-6006/ZDI-CAN-6007/ZDI-CAN-6008/ZDI-CAN-6009/ZDI-CAN-6010/ZDI-CAN-6011/ZDI-CAN-6012/ZDI-CAN-6013/ZDI-CAN-6014/ZDI-CAN-6015/ZDI-CAN-6016/ZDI-CAN-6017/ZDI-CAN-6018/ZDI-CAN-6019/ZDI-CAN-6020/ZDI-CAN-6021/ZDI-CAN-6022/ZDI-CAN-6023/ZDI-CAN-6024/ZDI-CAN-6025/ZDI-CAN-6026/ZDI-CAN-6027/ZDI-CAN-6028/ZDI-CAN-6029/ZDI-CAN-6030/ZDI-CAN-6031/ZDI-CAN-6032/ZDI-CAN-6033/ZDI-CAN-6034/ZDI-CAN-6035/ZDI-CAN-6036/ZDI-CAN-6037/ZDI-CAN-6038/ZDI-CAN-6039/ZDI-CAN-6058/ZDI-CAN-6059/ZDI-CAN-6060/ZDI-CAN-5770/ZDI-CAN-5773).

nsfocus security team working with Trend Micro's Zero Day Initiative
TrendyTofu - Trend Micro Zero Day Initiative working with Trend Micro's Zero Day Initiative

Addressed potential issues where the application could be exposed to Arbitrary File Write vulnerability when executing exportAsFDF or exportData JavaScript since the application does not properly validate the file type to be exported, which could lead to remote code execution (ZDI-CAN-5619/ZDI-CAN-6332/ZDI-CAN-5757).

Steven Seeley (mr_me) of Source Incite working with Trend Micro's Zero Day Initiative

Addressed potential issues where the application could be exposed to Type Confusion Remote Code Execution vulnerability and crash. This occurs when executing certain JavaScript functions since the application could transform non-XFA-node to XFA-node and use the discrepant XFA-node directly (ZDI-CAN-5641/ZDI-CAN-5642/ZDI-CAN-5774/ZDI-CAN-6331).

nsfocus security team working with Trend Micro's Zero Day Initiative
Steven Seeley (mr_me) of Source Incite working with Trend Micro's Zero Day Initiative

Addressed potential issues where the application could be exposed to Uninitialized Pointer Remote Code Execution vulnerability. This occurs since the array object is transformed and used as dictionary object in the cases where inline image dictionary contains invalid dictionary end symbol and array start symbol which leads to inline image to be released and new array object to be added (ZDI-CAN-5763/ZDI-CAN-6221).

Steven Seeley (mr_me) of Source Incite working with Trend Micro's Zero Day Initiative
Anonymous working with Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could be exposed to NTLM Credentials Theft vulnerability when executing GoToE & GoToR action, which could lead to information disclosure.

Deepu

Addressed a potential issue where the application could be exposed to Heap-based Buffer Overflow Remote Code Execution vulnerability and crash due to out of bound of array when parsing a malformed PDF file (ZDI-CAN-6222).

Anonymous working with Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could be exposed to Integer Overflow Remote Code Execution vulnerability and crash since the value read from a crafted PDF file exceeds the maximum value the data type can represent (ZDI-CAN-6223).

Anonymous working with Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could be exposed to Type Confusion Remote Code Execution vulnerability since the ICCBased color space is replaced with Pattern color space when the application parses “ColorSpace” within a PDF (ZDI-CAN-6362/ZDI-CAN-6683).

Anonymous working with Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could be exposed to Out-of-Bounds Read Information Disclosure vulnerability and crash due to improper handling of process when executing GetAssociatedPageIndex function (ZDI-CAN-6351).

Anonymous working with Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could crash when executing var test = new ArrayBuffer(0xfffffffe) JavaScript due to large buffer application.

Zhiyuan Wang of Chengdu Qihoo360 Tech Co. Ltd

For more information, please contact the Foxit Security Response Team at security-ml@foxitsoftware.com.

Security update available in Foxit PhantomPDF 8.3.6

Release date: May 7, 2018

Platform: Windows

Summary

Foxit has released Foxit PhantomPDF 8.3.6, which addresses potential security and stability issues.

Affected versions

Product

Affected versions

Platform

Foxit PhantomPDF

8.3.5.30351 and earlier

Windows

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” tab of Foxit PhantomPDF, click on “Check for Updates” and update to the latest version.
  • Click here to download the updated version of Foxit PhantomPDF from our website.

Vulnerability details

Brief

Acknowledgement

Addressed a potential issue where the application could be exposed to Unsafe DLL Loading vulnerability since the application passes an insufficiently qualified path in loading an external library when a user launches the application, which could be exploited by attackers to execute remote code by placing a malicious DLL in the specified path directory.

Ye Yint Min Thu htut

Addressed potential issues where the application could be exposed to Heap Buffer Overflow Remote Code Execution vulnerability and crash with abusing certain function calls. (CVE-2017-17557/ZDI-CAN-5472/ZDI-CAN-5895/ZDI-CAN-5473).

Steven Seeley (mr_me) of Source Incite
willJ of Tencent PC Manager working with Trend Micro's Zero Day Initiative
Add of MeePwn working with Trend Micro's Zero Day Initiative

Addressed potential issues where the application could be exposed to Use-After-Free vulnerability due to the use of freed object when executing JavaScript or invoking certain functions to get object properties, which could be exploited by attackers to execute remote code (CVE-2017-14458/ZDI-CAN-5436/ZDI-CAN-5527/ZDI-CAN-5528/ZDI-CAN-5529/ZDI-CAN-5531/ZDI-CAN-5617/ZDI-CAN-5618/ZDI-CAN-5620/ZDI-CAN-5579/ZDI-CAN-5580/ZDI-CAN-5488/ZDI-CAN-5489/ZDI-CAN-5312/ZDI-CAN-5432/ ZDI-CAN-5433/ZDI-CAN-5434/ZDI-CAN-5435/ZDI-CAN-5568/ZDI-CAN-5491/ZDI-CAN-5379/ZDI-CAN-5382).

Aleksandar Nikolic of Cisco Talos
Steven Seeley (mr_me) of Source Incite working with Trend Micro's Zero Day Initiative
bit from meepwn team working with Trend Micro's Zero Day Initiative

Addressed potential issues where the application could be exposed to Uninitialized Memory/Pointer Information Disclosure or Remote Code Execution vulnerabilities due to the use of uninitialized new Uint32Array object or member variables in PrintParams or m_pCurContex objects (ZDI-CAN-5437/ZDI-CAN-5438/CVE-2018-3842/ ZDI-CAN-5380).

Steven Seeley of Source Incite working with Trend Micro's Zero Day Initiative
Aleksandar Nikolic of Cisco Talos
bit from meepwn team working with Trend Micro's Zero Day Initiative

Addressed potential issues where the application could be exposed to Out-of-Bounds Read/Write Remote Code Execution or Information Disclosure vulnerability and crash due to incorrect memory allocation, memory commit, memory access, or array access (ZDI-CAN-5442/ZDI-CAN-5490/ZDI-CAN-5413/ZDI-CAN-5754/ZDI-CAN-5755/ZDI-CAN-5758).

Phil Blankenship of Cerberus Security working with Trend Micro's Zero Day Initiative
Steven Seeley of Source Incite working with Trend Micro's Zero Day Initiative
Sudhakar Verma and Ashfaq Ansari - Project Srishti working with Trend Micro's Zero Day Initiative
soiax working with Trend Micro's Zero Day Initiative

Addressed potential issues where the application could be exposed to Type Confusion Remote Code Execution vulnerabilities and crash. This occurs when executing certain XFA functions in crafted PDF files since the application could transform non-CXFA_Object to CXFA_Object without judging the data type and use the discrepant CXFA_Object to get layout object directly (ZDI-CAN-5370/ZDI-CAN-5371/ZDI-CAN-5372/ZDI-CAN-5373/ ZDI-CAN-5374/ZDI-CAN-5375/ZDI-CAN-5376/ZDI-CAN-5377).

Anonymous working with Trend Micro's Zero Day Initiative

Addressed potential issues where the application could be exposed to Use-After-Free Information Disclosure or Remote Code Execution vulnerability and crash since the application could continue to traverse pages after the document has been closed or free certain objects repeatedly (ZDI-CAN-5471/ZDI-CAN-5414/CVE-2018-3853).

willJ of Tencent PC Manager working with Trend Micro's Zero Day Initiative
Sudhakar Verma and Ashfaq Ansari - Project Srishti working with Trend Micro's Zero Day Initiative
Aleksandar Nikolic of Cisco Talos

Addressed a potential issue where the application could be exposed to Remote Code Execution or Information Disclosure vulnerability by abusing GoToE & GoToR Actions to open or run arbitrary executable applications on a target system.

Assaf Baharav of Threat Response Research Team

Addressed a potential issues where when the application is not running in Safe-Reading-Mode, it could be exposed to Out-of-Bounds Read Information Disclosure vulnerability with abusing the _JP2_Codestream_Read_SOT function (ZDI-CAN-5549).

soiax working with Trend Micro's Zero Day Initiative

Addressed potential issues where the application could be exposed to User-After-Free Remote Code Execution vulnerability due to the use of object which has been closed or removed (ZDI-CAN-5569/ZDI-CAN-5570/ZDI-CAN-5571/ZDI-CAN-5572/CVE-2018-3850/ZDI-CAN-5762/CVE-2018-10303/CVE-2018-10302).

Steven Seeley (mr_me) of Source Incite working with Trend Micro's Zero Day Initiative
Aleksandar Nikolic of Cisco Talos
Steven Seeley of Source Incite working with iDefense Labs

Addressed a potential issue where the application could be exposed to Type Confusion vulnerability when parsing files with associated file annotations due to deference of an object of invalid type, which could lead to sensitive memory disclosure or arbitrary code execution (CVE-2018-3843).

Aleksandar Nikolic of Cisco Talos

Addressed a potential issue where the application could crash when opening a PDF in a browser from Microsoft Word since the application did not handle a COM object properly.

Anurudh

Addressed a potential issue where the application could be exposed to arbitrary application execution vulnerability since users could embed executable files to PDF portfolio from within the application (FG-VD-18-029).

Chris Navarrete of Fortinet's FortiGuard Labs

For more information, please contact the Foxit Security Response Team at security-ml@foxitsoftware.com.

Security updates available in Foxit Reader 9.1 and Foxit PhantomPDF 9.1

Release date: April 19, 2018

Platform: Windows

Summary

Foxit has released Foxit Reader 9.1 and Foxit PhantomPDF 9.1, which address potential security and stability issues.

Affected versions

Product

Affected versions

Platform

Foxit Reader

9.0.1.1049 and earlier

Windows

Foxit PhantomPDF

9.0.1.1049 and earlier

Windows

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” tab of Foxit Reader or Foxit PhantomPDF, click on “Check for Updates” and update to the latest version.
  • Click here to download the updated version of Foxit Reader from our website.
  • Click here to download the updated version of Foxit PhantomPDF from our website.

Vulnerability details

Brief

Acknowledgement

Addressed a potential issue where the application could be exposed to Unsafe DLL Loading vulnerability since the application passes an insufficiently qualified path in loading an external library when a user launches the application, which could be exploited by attackers to execute remote code by placing a malicious DLL in the specified path directory.

Ye Yint Min Thu htut

Addressed potential issues where the application could be exposed to Heap Buffer Overflow Remote Code Execution vulnerability and crash with abusing certain function calls. (CVE-2017-17557/ZDI-CAN-5472/ZDI-CAN-5895/ZDI-CAN-5473).

Steven Seeley (mr_me) of Source Incite
willJ of Tencent PC Manager working with Trend Micro's Zero Day Initiative
Add of MeePwn working with Trend Micro's Zero Day Initiative

Addressed potential issues where the application could be exposed to Use-After-Free vulnerability due to the use of freed object when executing JavaScript or invoking certain functions to get object properties, which could be exploited by attackers to execute remote code (CVE-2017-14458/ZDI-CAN-5436/ZDI-CAN-5527/ZDI-CAN-5528/ZDI-CAN-5529/ZDI-CAN-5531/ZDI-CAN-5617/ZDI-CAN-5618/ZDI-CAN-5620/ZDI-CAN-5579/ZDI-CAN-5580/ZDI-CAN-5488/ZDI-CAN-5489/ZDI-CAN-5312/ZDI-CAN-5432/ ZDI-CAN-5433/ZDI-CAN-5434/ZDI-CAN-5435/ZDI-CAN-5568/ZDI-CAN-5491/ZDI-CAN-5379/ZDI-CAN-5382).

Aleksandar Nikolic of Cisco Talos
Steven Seeley (mr_me) of Source Incite working with Trend Micro's Zero Day Initiative
bit from meepwn team working with Trend Micro's Zero Day Initiative

Addressed potential issues where the application could be exposed to Uninitialized Memory/Pointer Information Disclosure or Remote Code Execution vulnerabilities due to the use of uninitialized new Uint32Array object or member variables in PrintParams or m_pCurContex objects (ZDI-CAN-5437/ZDI-CAN-5438/CVE-2018-3842/ ZDI-CAN-5380).

Steven Seeley of Source Incite working with Trend Micro's Zero Day Initiative
Aleksandar Nikolic of Cisco Talos
bit from meepwn team working with Trend Micro's Zero Day Initiative

Addressed potential issues where the application could be exposed to Out-of-Bounds Read/Write Remote Code Execution or Information Disclosure vulnerability and crash due to incorrect memory allocation, memory commit, memory access, or array access (ZDI-CAN-5442/ZDI-CAN-5490/ZDI-CAN-5413/ZDI-CAN-5754/ZDI-CAN-5755/ZDI-CAN-5758).

Phil Blankenship of Cerberus Security working with Trend Micro's Zero Day Initiative
Steven Seeley of Source Incite working with Trend Micro's Zero Day Initiative
Sudhakar Verma and Ashfaq Ansari - Project Srishti working with Trend Micro's Zero Day Initiative
soiax working with Trend Micro's Zero Day Initiative

Addressed potential issues where the application could be exposed to Type Confusion Remote Code Execution vulnerabilities and crash. This occurs when executing certain XFA functions in crafted PDF files since the application could transform non-CXFA_Object to CXFA_Object without judging the data type and use the discrepant CXFA_Object to get layout object directly (ZDI-CAN-5370/ZDI-CAN-5371/ZDI-CAN-5372/ZDI-CAN-5373/ ZDI-CAN-5374/ZDI-CAN-5375/ZDI-CAN-5376/ZDI-CAN-5377).

Anonymous working with Trend Micro's Zero Day Initiative

Addressed potential issues where the application could be exposed to Use-After-Free Information Disclosure or Remote Code Execution vulnerability and crash since the application could continue to traverse pages after the document has been closed or free certain objects repeatedly (ZDI-CAN-5471/ZDI-CAN-5414/CVE-2018-3853).

willJ of Tencent PC Manager working with Trend Micro's Zero Day Initiative
Sudhakar Verma and Ashfaq Ansari - Project Srishti working with Trend Micro's Zero Day Initiative
Aleksandar Nikolic of Cisco Talos

Addressed a potential issue where the application could be exposed to Remote Code Execution or Information Disclosure vulnerability by abusing GoToE & GoToR Actions to open or run arbitrary executable applications on a target system.

Assaf Baharav of Threat Response Research Team

Addressed a potential issues where when the application is not running in Safe-Reading-Mode, it could be exposed to Out-of-Bounds Read Information Disclosure vulnerability with abusing the _JP2_Codestream_Read_SOT function (ZDI-CAN-5549).

soiax working with Trend Micro's Zero Day Initiative

Addressed potential issues where the application could be exposed to User-After-Free Remote Code Execution vulnerability due to the use of object which has been closed or removed (ZDI-CAN-5569/ZDI-CAN-5570/ZDI-CAN-5571/ZDI-CAN-5572/CVE-2018-3850/ZDI-CAN-5762/CVE-2018-10303/CVE-2018-10302).

Steven Seeley (mr_me) of Source Incite working with Trend Micro's Zero Day Initiative
Aleksandar Nikolic of Cisco Talos
Steven Seeley of Source Incite working with iDefense Labs

Addressed a potential issue where the application could be exposed to Type Confusion vulnerability when parsing files with associated file annotations due to deference of an object of invalid type, which could lead to sensitive memory disclosure or arbitrary code execution (CVE-2018-3843).

Aleksandar Nikolic of Cisco Talos

Addressed a potential issue where the application could crash when opening a PDF in a browser from Microsoft Word since the application did not handle a COM object properly.

Anurudh

Addressed a potential issue where the application could be exposed to arbitrary application execution vulnerability since users could embed executable files to PDF portfolio from within the application (FG-VD-18-029).

Chris Navarrete of Fortinet's FortiGuard Labs

Addressed potential issues where the application could be exposed to U3D Out-of-Bounds Read/Write/Access vulnerabilities, which could lead to information disclosure or remote code execution (ZDI-CAN-5425/ZDI-CAN-5428/ ZDI-CAN-5429/ZDI-CAN-5430/ZDI-CAN-5483/ZDI-CAN-5494/ZDI-CAN-5495/ZDI-CAN-5393/ZDI-CAN-5394/ZDI-CAN-5395/ZDI-CAN-5396/ZDI-CAN-5397/ZDI-CAN-5399/ ZDI-CAN-5401/ZDI-CAN-5408/ZDI-CAN-5409/ZDI-CAN-5410/ZDI-CAN-5412/ZDI-CAN-5418/ZDI-CAN-5419/ZDI-CAN-5421/ZDI-CAN-5422/ZDI-CAN-5423/ZDI-CAN-5424/ CVE-2018-5675/CVE-2018-5677/CVE-2018-5679/CVE-2018-5680/ZDI-CAN-5392/ZDI-CAN-5426).

kdot working with Trend Micro's Zero Day Initiative
Dmitri Kaslov working with Trend Micro's Zero Day Initiative
Steven Seeley (mr_me) of Source Incite

Addressed potential issues where the application could be exposed to U3D Use-After-Free vulnerabilities, which could lead to remote code execution (ZDI-CAN-5427).

kdot working with Trend Micro's Zero Day Initiative

Addressed potential issues where the application could be exposed to U3D Uninitialized Pointer vulnerabilities, which could lead to remote code execution (ZDI-CAN-5431/ZDI-CAN-5411).

Dmitri Kaslov working with Trend Micro's Zero Day Initiative
kdot working with Trend Micro's Zero Day Initiative

Addressed potential issues where the application could be exposed to U3D Heap Buffer Overflow or Stack-based Buffer Overflow vulnerabilities, which could lead to remote code execution (ZDI-CAN-5493/ZDI-CAN-5420/ CVE-2018-5674/CVE-2018-5676/CVE-2018-5678).

Anonymous working with Trend Micro's Zero Day Initiative
kdot working with Trend Micro's Zero Day Initiative
Steven Seeley (mr_me) of Source Incite

Addressed potential issues where the application could be exposed to U3D Type Confusion vulnerabilities, which could lead to remote code execution (ZDI-CAN-5586/CVE-2018-7407).

Dmitri Kaslov working with Trend Micro's Zero Day Initiative
Steven Seeley (mr_me) of Source Incite

Addressed a potential issue where the application could be exposed to U3D Parsing Array Indexing vulnerability, which could lead to remote code execution (CVE-2018-7406).

Steven Seeley (mr_me) of Source Incite

Addressed potential issues where the application could be exposed to U3D Out-of-Bounds Read/Write/Access vulnerabilities, which could lead to information disclosure or remote code execution (ZDI-CAN-5425/ZDI-CAN-5428/ ZDI-CAN-5429/ZDI-CAN-5430/ZDI-CAN-5483/ZDI-CAN-5494/ZDI-CAN-5495/ZDI-CAN-5393/ZDI-CAN-5394/ZDI-CAN-5395/ZDI-CAN-5396/ZDI-CAN-5397/ZDI-CAN-5399/ ZDI-CAN-5401/ZDI-CAN-5408/ZDI-CAN-5409/ZDI-CAN-5410/ZDI-CAN-5412/ZDI-CAN-5418/ZDI-CAN-5419/ZDI-CAN-5421/ZDI-CAN-5422/ZDI-CAN-5423/ZDI-CAN-5424/ CVE-2018-5675/CVE-2018-5677/CVE-2018-5679/CVE-2018-5680/ZDI-CAN-5392/ZDI-CAN-5426).

kdot working with Trend Micro's Zero Day Initiative
Dmitri Kaslov working with Trend Micro's Zero Day Initiative
Steven Seeley (mr_me) of Source Incite

Addressed potential issues where the application could be exposed to U3D Use-After-Free vulnerabilities, which could lead to remote code execution (ZDI-CAN-5427).

kdot working with Trend Micro's Zero Day Initiative

Addressed potential issues where the application could be exposed to U3D Uninitialized Pointer vulnerabilities, which could lead to remote code execution (ZDI-CAN-5431/ZDI-CAN-5411).

Dmitri Kaslov working with Trend Micro's Zero Day Initiative
kdot working with Trend Micro's Zero Day Initiative

Addressed potential issues where the application could be exposed to U3D Heap Buffer Overflow or Stack-based Buffer Overflow vulnerabilities, which could lead to remote code execution (ZDI-CAN-5493/ZDI-CAN-5420/ CVE-2018-5674/CVE-2018-5676/CVE-2018-5678).

Anonymous working with Trend Micro's Zero Day Initiative
kdot working with Trend Micro's Zero Day Initiative
Steven Seeley (mr_me) of Source Incite

Addressed potential issues where the application could be exposed to U3D Type Confusion vulnerabilities, which could lead to remote code execution (ZDI-CAN-5586/CVE-2018-7407).

Dmitri Kaslov working with Trend Micro's Zero Day Initiative
Steven Seeley (mr_me) of Source Incite

Addressed a potential issue where the application could be exposed to U3D Parsing Array Indexing vulnerability, which could lead to remote code execution (CVE-2018-7406).

Steven Seeley (mr_me) of Source Incite

For more information, please contact the Foxit Security Response Team at security-ml@foxitsoftware.com.

Security updates available in Foxit MobilePDF for Android 6.1

Release date: January 8, 2018

Platform: Android

Summary

Foxit has released Foxit MobilePDF for Android 6.1, which addresses a potential security and stability issue.

Affected versions

Product

Affected versions

Platform

Foxit MobilePDF for Android

6.0.2 and earlier

Android

Solution

Update your applications to the latest versions by following one of the instructions below.

  • Click here to download the updated version of Foxit MobilePDF for Android.
  • Click here to download the updated version of Foxit MobilePDF Business for Android.

Vulnerability details

Brief

Acknowledgement

Addressed a potential issue where the application could be exposed to an arbitrary file read and disclosure vulnerability with abusing URI + escape character during Wi-Fi transfer. This occurs because the paths are not properly escaped or validated when processed within the URI, and the Wi-Fi service keeps running even if users have closed the application.

Benjamin Watson of VerSprite

For more information, please contact the Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit PhantomPDF 8.3.5

Release date: November 17, 2017

Platform: Windows

Summary

Foxit has released Foxit PhantomPDF 8.3.5, which address potential security and stability issues.

Affected versions

Product

Affected versions

Platform

Foxit PhantomPDF

8.3.2.25013 and earlier

Windows

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” tab of Foxit PhantomPDF, click on “Check for Update” and update to the latest version.
  • Click here download the updated version of Foxit PhantomPDF.

Vulnerability details

Brief

Acknowledgement

Addressed potential issues where the application could be exposed to Type Confusion Remote Code Execution vulnerability. This occurs when executing certain XFA JavaScript functions in crafted PDF files since the application could transform non-CXFA_Node to CXFA_Node by force without judging the data type and use the discrepant CXFA_Node directly (ZDI-CAN-5015/ ZDI-CAN-5016/ZDI-CAN-5017/ZDI-CAN-5018/ZDI-CAN-5019/ ZDI-CAN-5020/ZDI-CAN-5021/ZDI-CAN-5022/ZDI-CAN-5027/ZDI-CAN-5029/ZDI-CAN-5288).

Steven Seeley (mr_me) of
Offensive Security working with
Trend Micro's Zero Day Initiative
Anonymous working with Trend
Micro's Zero Day Initiative

Addressed potential issues where the application could be exposed to Type Confusion Remote Code Execution vulnerability. This occurs when executing certain XFA FormCalc functions in crafted PDF files since the application could transform non-CXFA_Object to CXFA_Object by force without judging the data type and use the discrepant CXFA_Object directly (ZDI-CAN-5072/ZDI-CAN-5073).

Steven Seeley (mr_me) of
Offensive Security working with
Trend Micro's Zero Day Initiative

Addressed potential issues where the application could be exposed to Use-After-Free Remote Code Execution vulnerability due to the use of Annot object which has been freed (ZDI-CAN-4979/ZDI-CAN-4980/ZDI-CAN-4981/ZDI-CAN-5023/ZDI-CAN-5024/ZDI-CAN-5025/ZDI-CAN-5026/ZDI-CAN-5028).

Steven Seeley (mr_me) of
Offensive Security working with
Trend Micro's Zero Day Initiative

Addressed potential issues where when the application is not running in Safe-Reading-Mode, it could be exposed to Out-of-Bounds Read Information Disclosure vulnerability with abusing the _JP2_Codestream_Read_SOT function (ZDI-CAN-4982/ZDI-CAN-5013/ZDI-CAN-4976/ZDI-CAN-4977/ZDI-CAN-5012/ ZDI-CAN-5244).

soiax working with Trend Micro's
Zero Day Initiative
kdot working with Trend Micro's
Zero Day Initiative
Carlos Garcia Prado working with
Trend Micro's Zero Day Initiative

Addressed a potential issue where when the application is not running in Safe-Reading-Mode, it could be exposed to Out-of-Bounds Read Information Disclosure vulnerability due to abnormal memory access with abusing the lrt_jp2_decompress_write_stripe function call to open arbitrary file (ZDI-CAN-5014).

kdot working with Trend Micro's 
Zero Day Initiative

Addressed potential issues where the application could be exposed to Out-of-Bounds Read Information Disclosure vulnerability when rendering images with abusing the render.image function call to open a local PDF file (ZDI-CAN-5078/ZDI-CAN-5079).

Ashraf Alharbi (Ha5ha5hin)
working with Trend Micro's Zero
Day Initiative

Addressed a potential issue where when the application is not running in Safe-Reading-Mode, it could be exposed to Out-of-Bounds Read Information Disclosure vulnerability with abusing the GetBitmapWithoutColorKey function call to open an abnormal PDF file (ZDI-CAN-4978).

kdot working with Trend Micro's 
Zero Day Initiative

Addressed a potential issue where the application could be exposed to Out-of-Bounds Read Information Disclosure vulnerability due to uninitialized pointer with abusing the JP2_Format_Decom function call to open an abnormal PDF file (ZDI-CAN-5011).

kdot working with Trend Micro's 
Zero Day Initiative

Addressed potential issues where the application could be exposed to User-After-Free Remote Code Execution vulnerability due to the inconsistency of XFA nodes and XML nodes after deletion during data binding (ZDI-CAN-5091/ZDI-CAN-5092/ZDI-CAN-5289).

Anonymous working with Trend 
Micro's Zero Day Initiative

Addressed potential issues where the application could be exposed to User-After-Free Remote Code Execution vulnerability due to the use of document after it has been freed by closeDoc JavaScript (ZDI-CAN-5094/ZDI-CAN-5282/ZDI-CAN-5294/ZDI-CAN-5295/ZDI-CAN-5296).

Steven Seeley (mr_me) of
Offensive Security working with
Trend Micro's Zero Day Initiative
Steven Seeley of Source Incite
working with Trend Micro's Zero
Day Initiative
bit from meepwn team working 
with Trend Micro's Zero Day
Initiative

Addressed a potential issue where when the application is running in single instance mode, it could be exposed to arbitrary code execution or denial of service vulnerability and fail to initialize PenInputPanel component by calling CoCreateInstance function when users open a PDF file by double click after launching the application (CVE-2017-14694).

Lin Wang, Beihang University,
China

Addressed a potential issue where the application could be exposed to Buffer Overflow vulnerability when opening certain EPUB file due to the invalid length of size_file_name in CDRecord in the ZIP compression data.

Phil Blankenship of Cerberus Security

Addressed a potential issue where the application could be exposed to Type Confusion Remote Code Execution vulnerability when opening certain XFA files due to the use of discrepant data object during data binding (ZDI-CAN-5216).

Anonymous working with Trend 
Micro's Zero Day Initiative

Addressed a potential issue where the application could be exposed to Out-of-Bounds Read Information Disclosure vulnerability when the gflags app is enabled due to the incorrect resource loading which could lead to disordered file type filter (ZDI-CAN-5281).

Steven Seeley of Source Incite 
working with Trend Micro's Zero
Day Initiative

Addressed a potential issue where the application could be exposed to Out-of-Bounds Read Information Disclosure vulnerability due to the calling of incorrect util.printf parameter (ZDI-CAN-5290).

Anonymous working with Trend
Micro's Zero Day Initiative

For more information, please contact the Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit MobilePDF for iOS 6.1

Release date: November 12, 2017

Platform: iOS

Summary

Foxit has released Foxit MobilePDF for iOS 6.1, which addresses potential security and stability issues.

Affected versions

Product

Affected versions

Platform

Foxit MobilePDF for iOS

6.0.0 and earlier

iOS

Solution

Update your applications to the latest versions by following one of the instructions below.

  • Click here to download the updated version of Foxit MobilePDF for iOS
  • Click here to download the updated version of Foxit MobilePDF Business for iOS.

Vulnerability details

Brief

Acknowledgement

Addressed a potential issue where the application could be exposed to a denial-of-service vulnerability. This occurs when users upload a file which includes hexadecimal Unicode character in the “filename” parameter via Wi-Fi since the application could fail to parse such file name.

Antonio Zekić of INFIGO IS d.o.o.

Addressed a potential issue where the application could be exposed to a Directory Traversal vulnerability with abusing the URL + escape character during Wi-Fi transfer, which could be exploited by attackers to manipulate the local application files maliciously.

Antonio Zekić of INFIGO IS d.o.o.

For more information, please contact the Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit Reader 9.0 and Foxit PhantomPDF 9.0

Release date: November 1, 2017

Platform: Windows

Summary

Foxit has released Foxit Reader 9.0 and Foxit PhantomPDF 9.0, which address potential security and stability issues.

Affected versions

Product

Affected versions

Platform

Foxit Reader

8.3.2.25013 and earlier

Windows

Foxit PhantomPDF

8.3.2.25013 and earlier

Windows

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” tab of Foxit Reader or Foxit PhantomPDF, click on “Check for Update” and update to the latest version.
  • Click here to download the updated version of Foxit Reader from our website.
  • Click here to download the updated version of Foxit PhantomPDF from our website.

Vulnerability details

Brief

Acknowledgement

Addressed potential issues where the application could be exposed to Type Confusion Remote Code Execution vulnerability. This occurs when executing certain XFA JavaScript functions in crafted PDF files since the application could transform non-CXFA_Node to CXFA_Node by force without judging the data type and use the discrepant CXFA_Node directly (ZDI-CAN-5015/ ZDI-CAN-5016/ZDI-CAN-5017/ZDI-CAN-5018/ZDI-CAN-5019/ ZDI-CAN-5020/ZDI-CAN-5021/ZDI-CAN-5022/ZDI-CAN-5027/ZDI-CAN-5029/ZDI-CAN-5288).

Steven Seeley (mr_me) of
Offensive Security working with
Trend Micro's Zero Day Initiative
Anonymous working with Trend
Micro's Zero Day Initiative

Addressed potential issues where the application could be exposed to Type Confusion Remote Code Execution vulnerability. This occurs when executing certain XFA FormCalc functions in crafted PDF files since the application could transform non-CXFA_Object to CXFA_Object by force without judging the data type and use the discrepant CXFA_Object directly (ZDI-CAN-5072/ZDI-CAN-5073).

Steven Seeley (mr_me) of
Offensive Security working with
Trend Micro's Zero Day Initiative

Addressed potential issues where the application could be exposed to Use-After-Free Remote Code Execution vulnerability due to the use of Annot object which has been freed (ZDI-CAN-4979/ZDI-CAN-4980/ZDI-CAN-4981/ZDI-CAN-5023/ZDI-CAN-5024/ZDI-CAN-5025/ZDI-CAN-5026/ZDI-CAN-5028).

Steven Seeley (mr_me) of
Offensive Security working with
Trend Micro's Zero Day Initiative

Addressed potential issues where when the application is not running in Safe-Reading-Mode, it could be exposed to Out-of-Bounds Read Information Disclosure vulnerability with abusing the _JP2_Codestream_Read_SOT function (ZDI-CAN-4982/ZDI-CAN-5013/ZDI-CAN-4976/ZDI-CAN-4977/ZDI-CAN-5012/ ZDI-CAN-5244).

soiax working with Trend Micro's
Zero Day Initiative
kdot working with Trend Micro's
Zero Day Initiative
Carlos Garcia Prado working with
Trend Micro's Zero Day Initiative

Addressed a potential issue where when the application is not running in Safe-Reading-Mode, it could be exposed to Out-of-Bounds Read Information Disclosure vulnerability due to abnormal memory access with abusing the lrt_jp2_decompress_write_stripe function call to open arbitrary file (ZDI-CAN-5014).

kdot working with Trend Micro's
Zero Day Initiative

Addressed potential issues where the application could be exposed to Out-of-Bounds Read Information Disclosure vulnerability when rendering images with abusing the render.image function call to open a local PDF file (ZDI-CAN-5078/ZDI-CAN-5079).

Ashraf Alharbi (Ha5ha5hin)
working with Trend Micro's Zero
Day Initiative

Addressed a potential issue where when the application is not running in Safe-Reading-Mode, it could be exposed to Out-of-Bounds Read Information Disclosure vulnerability with abusing the GetBitmapWithoutColorKey function call to open an abnormal PDF file (ZDI-CAN-4978).

kdot working with Trend Micro's
Zero Day Initiative

Addressed a potential issue where the application could be exposed to Out-of-Bounds Read Information Disclosure vulnerability due to uninitialized pointer with abusing the JP2_Format_Decom function call to open an abnormal PDF file (ZDI-CAN-5011).

kdot working with Trend Micro's
Zero Day Initiative

Addressed potential issues where the application could be exposed to User-After-Free Remote Code Execution vulnerability due to the inconsistency of XFA nodes and XML nodes after deletion during data binding (ZDI-CAN-5091/ZDI-CAN-5092/ZDI-CAN-5289).

Anonymous working with Trend
Micro's Zero Day Initiative

Addressed potential issues where the application could be exposed to User-After-Free Remote Code Execution vulnerability due to the use of document after it has been freed by closeDoc JavaScript (ZDI-CAN-5094/ZDI-CAN-5282/ZDI-CAN-5294/ZDI-CAN-5295/ZDI-CAN-5296).

Steven Seeley (mr_me) of
Offensive Security working with
Trend Micro's Zero Day Initiative
Steven Seeley of Source Incite
working with Trend Micro's Zero
Day Initiative
bit from meepwn team working
with Trend Micro's Zero Day
Initiative

Addressed a potential issue where when the application is running in single instance mode, it could be exposed to arbitrary code execution or denial of service vulnerability and fail to initialize PenInputPanel component by calling CoCreateInstance function when users open a PDF file by double click after launching the application (CVE-2017-14694).

Lin Wang, Beihang University,
China

Addressed a potential issue where the application could be exposed to Buffer Overflow vulnerability when opening certain EPUB file due to the invalid length of size_file_name in CDRecord in the ZIP compression data.

Phil Blankenship of Cerberus Security

Addressed a potential issue where the application could be exposed to Type Confusion Remote Code Execution vulnerability when opening certain XFA files due to the use of discrepant data object during data binding (ZDI-CAN-5216).

Anonymous working with Trend
Micro's Zero Day Initiative

Addressed a potential issue where the application could be exposed to Out-of-Bounds Read Information Disclosure vulnerability when the gflags app is enabled due to the incorrect resource loading which could lead to disordered file type filter (ZDI-CAN-5281).

Steven Seeley of Source Incite
working with Trend Micro's Zero
Day Initiative

Addressed a potential issue where the application could be exposed to Out-of-Bounds Read Information Disclosure vulnerability due to the calling of incorrect util.printf parameter (ZDI-CAN-5290).

Anonymous working with Trend
Micro's Zero Day Initiative

For more information, please contact the Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit PhantomPDF 7.3.17

Release date: September 11, 2017

Platform: Windows

Summary

Foxit has released Foxit PhantomPDF 7.3.17, which address potential security and stability issues.

Affected versions

Product

Affected versions

Platform

Foxit PhantomPDF

7.3.15.712 and earlier

Windows

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” tab of Foxit PhantomPDF, click on “Check for Update” and update to the latest version.
  • Click here download the updated version of Foxit PhantomPDF.

Vulnerability details

Brief

Acknowledgement

Addressed a potential issue where when the application is not running in Safe-Reading-mode, it could be exposed to command injection vulnerability with abusing the app.launchURL JavaScript call to execute a local program.

Ariele Caltabiano
(kimiya)
working with Trend
Micro's Zero
Day Initiative

Addressed a potential issue where when the application is not running in Safe-Reading-Mode, it could be exposed to an Arbitrary File Write vulnerability with abusing the this.saveAs function call to drop a file to the local file system.

Steven Seeley (mr_me)
of
Offensive Security
working with
Trend Micro's Zero Day
Initiative

Addressed a potential issue where when the application is not running in Safe-Reading-Mode, it could be exposed to an Arbitrary Write vulnerability with abusing the createDataObject function call to create arbitrary executable file in the local file system.

Steven Seeley (mr_me)
Chris Evans /
scarybeasts

Addressed a potential issue where when the application is not running in Safe-Reading-Mode, it could be exposed to command injection vulnerability with abusing the xfa.host.gotoURL function call to open arbitrary executable file.

Steven Seeley (mr_me)
of
Offensive Security
working with
Trend Micro's Zero Day
Initiative
Alexander Inführ

For more information, please contact the Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit Reader 8.3.2 and Foxit PhantomPDF 8.3.2

Release date: August 26, 2017

Platform: Windows

Summary

Foxit has released Foxit Reader 8.3.2 and Foxit PhantomPDF 8.3.2, which address potential security and stability issues.

Affected versions

Product

Affected versions

Platform

Foxit Reader

8.3.1.21155 and earlier

Windows

Foxit PhantomPDF

8.3.1.21155 and earlier

Windows

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” tab of Foxit Reader or Foxit PhantomPDF, click on “Check for Updates” and update to the latest version.
  • Click here to download the updated version of Foxit Reader from our website.
  • Click here download the updated version of Foxit PhantomPDF.

Vulnerability details

Brief

Acknowledgement

Addressed a potential issue where when the application is not running in Safe-Reading-mode, it could be exposed to command injection vulnerability with abusing the app.launchURL JavaScript call to execute a local program.

Ariele Caltabiano (kimiya)
working with Trend Micro's Zero
Day Initiative

Addressed a potential issue where when the application is not running in Safe-Reading-Mode, it could be exposed to an Arbitrary File Write vulnerability with abusing the this.saveAs function call to drop a file to the local file system.

Steven Seeley (mr_me) of
Offensive Security working with
Trend Micro's Zero Day Initiative

Addressed a potential issue where when the application is not running in Safe-Reading-Mode, it could be exposed to an Arbitrary Write vulnerability with abusing the createDataObject function call to create arbitrary executable file in the local file system.

Steven Seeley (mr_me)
Chris Evans / scarybeasts

Addressed a potential issue where when the application is not running in Safe-Reading-Mode, it could be exposed to command injection vulnerability with abusing the xfa.host.gotoURL function call to open arbitrary executable file.

Steven Seeley (mr_me) of
Offensive Security working with
Trend Micro's Zero Day Initiative
Alexander Inführ

For more information, please contact the Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit PDF Compressor 7.7.2.23

Release date: July 26, 2017

Platform: Windows

Summary

Foxit has released Foxit PDF Compressor 7.7.2.23, which addresses a potential security and stability issue.

Affected versions

Product

Affected versions

Platform

Foxit PDF Compressor

From 7.0.0.183 to 7.7.2.10

Windows

Solution

No further action is required if you have installed the application securely. To get the latest version of Foxit PDF Compressor, please click here.


Vulnerability details

Brief

Acknowledgement

Addressed a potential issue where the application's installer package could be exposed to a DLL Pre-Loading vulnerability, which could be leveraged by attackers to execute remote code during the installation process.

Kushal Arvind Shah of Fortinet's
FortiGuard Labs

For more information, please contact the Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit PhantomPDF 7.3.15

Release date: July 20, 2017

Platform: Windows

Summary

Foxit has released Foxit PhantomPDF 7.3.15, which address security vulnerabilities that could potentially allow an attacker to execute remote code.

Affected versions

Product

Affected versions

Platform

Foxit PhantomPDF

7.3.13.421 and earlier

Windows

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” tab of Foxit PhantomPDF, click on “Check for Update” and update to the latest version.
  • Click here download the updated version of Foxit PhantomPDF.

Vulnerability details

Brief

Acknowledgement

Addressed potential issues where the application could be exposed to a Null Pointer Read or Null Pointer Deference vulnerability, which could lead to unexpected crash.

Dmitri Kaslov

Addressed potential issues where the application could still execute JavaScript functions even when the JavaScript Actions in Trust Manager had been disabled.

Alexander Inführ

Addressed potential issues where the application could be exposed to Use-After-Free vulnerabilities, which could be exploited by attackers to execute remote code.

Steven Seeley (mr_me) of
Offensive Security working with
Trend Micro's Zero Day Initiative

Addressed potential issues where the application could be exposed to an Out-of-Bounds Read vulnerability, which could lead to information disclosure.

Ashfaq Ansari - Project Srishti
working with Trend Micro's Zero
Day Initiative

Addressed a potential issue where the application could be exposed to an Arbitrary Write vulnerability, which could be leveraged by attackers to execute remote code.

Ashfaq Ansari - Project Srishti

Addressed a potential issue where the application could be exposed to a Use-Before-Initialization vulnerability, which could lead to unexpected crash.

Jean-Marc Le Blanc

For more information, please contact the Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit Reader 8.3.1 and Foxit PhantomPDF 8.3.1

Release date: July 04, 2017

Platform: Windows

Summary

Foxit has released Foxit Reader 8.3.1 and Foxit PhantomPDF 8.3.1, which address potential security and stability issues.

Affected versions

Product

Affected versions

Platform

Foxit Reader

8.3.0.14878 and earlier

Windows

Foxit PhantomPDF

8.3.0.14878 and earlier

Windows

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” tab of Foxit Reader or Foxit PhantomPDF, click on “Check for Update” and update to the latest version.
  • Click here download the updated version of Foxit Reader from our website.
  • Click here download the updated version of Foxit PhantomPDF from our website. If you already have a PhantomPDF 8 license, you can update to PhantomPDF 8.3.1 for free.

Vulnerability details

Brief

Acknowledgement

Addressed potential issues where the application could be exposed to a Null Pointer Read or Null Pointer Deference vulnerability, which could lead to unexpected crash.

Dmitri Kaslov

Addressed potential issues where the application could still execute JavaScript functions even when the JavaScript Actions in Trust Manager had been disabled.

Alexander Inführ

Addressed potential issues where the application could be exposed to Use-After-Free vulnerabilities, which could be exploited by attackers to execute remote code.

Steven Seeley (mr_me) of
Offensive Security working with
Trend Micro's Zero Day Initiative

Addressed potential issues where the application could be exposed to an Out-of-Bounds Read vulnerability, which could lead to information disclosure.

Ashfaq Ansari - Project Srishti
working with Trend Micro's Zero
Day Initiative

Addressed a potential issue where the application could be exposed to an Arbitrary Write vulnerability, which could be leveraged by attackers to execute remote code.

Ashfaq Ansari - Project Srishti

Addressed a potential issue where the application could be exposed to a Use-Before-Initialization vulnerability, which could lead to unexpected crash.

Jean-Marc Le Blanc

For more information, please contact the Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit PhantomPDF 7.3.13

 

Release date: May 4, 2017

Platform: Windows

Summary

Foxit has released Foxit PhantomPDF 7.3.13, which address security vulnerabilities that could potentially allow an attacker to execute remote code.

Affected versions

Product

Affected versions

Platform

Foxit PhantomPDF

7.3.11.1122 and earlier

Windows

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” tab of Foxit PhantomPDF, go to “Check for Update” and update to the latest version.
  • Click here to download the updated version of Foxit PhantomPDF.

Vulnerability details

Brief

Acknowledgement

Addressed potential issues where the application could be exposed to a Use-After-Free vulnerability, which could be exploited by attackers to execute remote code under the context of the current process.

NSFOCUS Security Team
SkyLined and Soiax working with
Trend Micro's Zero Day Initiative
Steven Seeley (mr_me) of
Offensive Security working with
Trend Micro's Zero Day Initiative

Addressed potential issues where the application could be exposed to a Type Confusion vulnerability, which could be exploited by attackers to execute remote code under the context of the current process.

NSFOCUS Security Team

Addressed potential issues where the application could be exposed to an Out-of-Bounds Read vulnerability, which could lead to information disclosure or remote code execution.

Ke Liu of Tencent's Xuanwu LAB
working with Trend Micro's Zero
Day Initiative
Ashfaq Ansari - Project Srishti
working with Trend Micro's Zero
Day Initiative
SkyLined and Soiax working with
Trend Micro's Zero Day Initiative
lightseeker working with Trend
Micro's Zero Day Initiative
Anonymous1 working with Trend
Micro's Zero Day Initiative
Toan Pham Van working with
Trend Micro's Zero Day Initiative
kdot working with Trend Micro's
Zero Day Initiative

Addressed a potential issue where the application could be exposed to a Null Pointer Dereference vulnerability when open a crafted PDF file, which could cause the application to crash unexpectedly.

riusksk of Tencent Security
Platform Department

Addressed a potential issue where the application could be exposed to a memory corruption vulnerability, which could be leveraged by attackers to execute remote code.

Toan Pham Van working with
Trend Micro's Zero Day Initiative

Addressed potential issues where the application could be exposed to a JPEG2000 Parsing Out-of-Bounds Write/Read vulnerability, which could be exploited by attackers to execute remote code or leak information.

kdot working with Trend Micro's
Zero Day Initiative
Gogil of STEALIEN working with
Trend Micro's Zero Day Initiative

Addressed potential issues where the application could be exposed to a Use-After-Free vulnerability, which could be exploited by attackers to execute remote code.

Steven Seeley of Source Incite
working with Trend Micro's Zero
Day Initiative
kdot working with Trend Micro's
Zero Day Initiative

Addressed a potential issue where the application could be exposed to a Font Parsing Out-of-Bounds Read vulnerability, which could lead to information disclosure.

kdot working with Trend Micro's
Zero Day Initiative

Addressed potential issues where the application could be exposed to an Out-of-Bounds Read or Memory Corruption vulnerability when converting JPEG or TIFF files to PDFs, which could be exploited by attackers to execute remote code or leak information.

Ke Liu of Tencent's Xuanwu LAB
working with Trend Micro's Zero
Day Initiative
Juan Pablo Lopez Yacubian
working with Trend Micro's Zero
Day Initiative

Addressed potential issues where the application could be exposed to Use-After-Free vulnerabilities, which could be exploited by attackers to execute remote code.

Steven Seeley (mr_me) of
Offensive Security working with
Trend Micro's Zero Day Initiative
Dmitri Kaslov

Addressed potential issues where the application could be exposed to a JPEG2000 Parsing Out-of-Bounds Write vulnerability, which could lead to remote code execution.

Toan Pham Van working with
Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could be exposed to a null pointer vulnerability, which could lead to unexpected crash.

Dmitri Kaslov (PwC za-labs)

For more information, please contact the Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit Reader 8.3 and Foxit PhantomPDF 8.3

 

Release date: April 18, 2017

Platform: Windows

Summary

Foxit has released Foxit Reader 8.3 and Foxit PhantomPDF 8.3, which address potential security and stability issues.

Affected versions

Product

Affected versions

Platform

Foxit Reader

8.2.1.6871 and earlier

Windows

Foxit PhantomPDF

8.2.1.6871 and earlier

Windows

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” tab of Foxit Reader or Foxit PhantomPDF, click on “Check for Updates” and update to the latest version.
  • Click here to download the updated version of Foxit Reader from our website.
  • Click here to download the updated version of Foxit PhantomPDF from our website. If you already have a PhantomPDF 8 license, you can update to PhantomPDF 8.3 for free.

Vulnerability details

Brief

Acknowledgement

Addressed potential issues where the application could be exposed to Use-After-Free vulnerabilities, which could be exploited by attackers to execute remote code.

Steven Seeley (mr_me) of
Offensive Security working with
Trend Micro's Zero Day Initiative
Dmitri Kaslov

Addressed potential issues where the application could be exposed to a JPEG2000 Parsing Out-of-Bounds Write vulnerability, which could lead to remote code execution.

Toan Pham Van working with
Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could be exposed to a null pointer vulnerability, which could lead to unexpected crash.

Dmitri Kaslov (PwC za-labs)

For more information, please contact the Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit PDF Toolkit 2.1

 

Release date: April 6, 2017

Platform: Windows

Summary

Foxit has released Foxit PDF Toolkit 2.1, which addresses a potential security issue.

Affected versions

Product

Affected versions

Platform

Foxit PDF Toolkit

2.0

Windows

Solution

Update Foxit PDF Toolkit to the latest version by clicking here to download it from our website.


Vulnerability details

Brief

Acknowledgement

Addressed a potential issue where the application could be exposed to a memory corruption vulnerability, which could be exploited by attackers to execute arbitrary code (CVE-2017-7584).

Kushal Arvind Shah of Fortinet's FortiGuard Labs

Security updates available in Foxit Reader 8.2.1 and Foxit PhantomPDF 8.2.1

 

Release date: March 1, 2017

Platform: Windows

Summary

Foxit has released Foxit Reader 8.2.1 and Foxit PhantomPDF 8.2.1, which address potential security and stability issues.

Affected versions

Product

Affected versions

Platform

Foxit Reader

8.2.0.2051 and earlier

Windows

Foxit PhantomPDF

8.2.0.2192 and earlier

Windows

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” tab of Foxit Reader or Foxit PhantomPDF, click on “Check for Updates” and update to the latest version.
  • Click here to download the updated version of Foxit Reader from our website.
  • Click here to download the updated version of Foxit PhantomPDF from our website. If you already have a PhantomPDF 8 license, you can update to PhantomPDF 8.2.1 for free.

Vulnerability details

Brief

Acknowledgement

Addressed potential issues where the application could be exposed to a Use-After-Free vulnerability, which could be exploited by attackers to execute remote code under the context of the current process.

NSFOCUS Security Team
SkyLined and Soiax working with
Trend Micro's Zero Day Initiative
Steven Seeley (mr_me) of
Offensive Security working with
Trend Micro's Zero Day Initiative

Addressed potential issues where the application could be exposed to a Type Confusion vulnerability, which could be exploited by attackers to execute remote code under the context of the current process.

NSFOCUS Security Team

Addressed potential issues where the application could be exposed to an Out-of-Bounds Read vulnerability, which could lead to information disclosure or remote code execution.

Ke Liu of Tencent's Xuanwu LAB
working with Trend Micro's Zero
Day Initiative
Ashfaq Ansari - Project Srishti
working with Trend Micro's Zero
Day Initiative
SkyLined and Soiax working with
Trend Micro's Zero Day Initiative
lightseeker working with Trend
Micro's Zero Day Initiative
Anonymous1 working with Trend
Micro's Zero Day Initiative
Toan Pham Van working with
Trend Micro's Zero Day Initiative
kdot working with Trend Micro's
Zero Day Initiative

Addressed a potential issue where the application could be exposed to a Null Pointer Dereference vulnerability when open a crafted PDF file, which could cause the application to crash unexpectedly.

riusksk of Tencent Security
Platform Department

Addressed a potential issue where the application could be exposed to a memory corruption vulnerability, which could be leveraged by attackers to execute remote code.

Toan Pham Van working with
Trend Micro's Zero Day Initiative

For more information, please contact the Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit Reader 8.2 and Foxit PhantomPDF 8.2

 

Release date: January 10, 2017

Platform: Windows

Summary

Foxit has released Foxit Reader 8.2 and Foxit PhantomPDF 8.2, which address potential security and stability issues.

Affected versions

Product

Affected versions

Platform

Foxit Reader

8.1.4.1208 and earlier

Windows

Foxit PhantomPDF

8.1.1.1115 and earlier

Windows

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” tab of Foxit Reader or Foxit PhantomPDF, click on “Check for Updates” and update to the latest version.
  • Click here to download the updated version of Foxit Reader from our website.
  • Click here to download the updated version of Foxit PhantomPDF from our website. If you already have a PhantomPDF 8 license, you can update to PhantomPDF 8.2 for free.

Vulnerability details

Brief

Acknowledgement

Addressed potential issues where the application could be exposed to a JPEG2000 Parsing Out-of-Bounds Write/Read vulnerability, which could be exploited by attackers to execute remote code or leak information.

kdot working with Trend Micro's
Zero Day Initiative
Gogil of STEALIEN working with
Trend Micro's Zero Day Initiative

Addressed potential issues where the application could be exposed to a Use-After-Free vulnerability, which could be exploited by attackers to execute remote code.

Steven Seeley of Source Incite
working with Trend Micro's Zero
Day Initiative
kdot working with Trend Micro's
Zero Day Initiative

Addressed a potential issue where the application could be exposed to a Font Parsing Out-of-Bounds Read vulnerability, which could lead to information disclosure.

kdot working with Trend Micro's
Zero Day Initiative

Addressed potential issues where the application could be exposed to an Out-of-Bounds Read or Memory Corruption vulnerability when converting JPEG or TIFF files to PDFs, which could be exploited by attackers to execute remote code or leak information.

Ke Liu of Tencent's Xuanwu LAB
working with Trend Micro's Zero
Day Initiative
Juan Pablo Lopez Yacubian
working with Trend Micro's Zero
Day Initiative

For more information, please contact the Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit Reader for Linux 2.3

 

Release date: January 10, 2017

Platform: Linux

Summary

Foxit has released Foxit Reader for Linux 2.3, which address potential security and stability issues.

Affected versions

Product

Affected versions

Platform

Foxit Reader

2.2.1025 and earlier

Linux

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” tab of Foxit Reader, click on “Check for Updates Now” and update to the latest version.
  • Click here to download the updated version of Foxit Reader from our website.

Vulnerability details

Brief

Acknowledgement

Addressed a potential issue where the application could be exposed to a stack overflow vulnerability, which could be exploited by attackers to execute a controlled crash.

Dmitri Kaslov

For more information, please contact the Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit PDF Toolkit 2.0

 

Release date: January 10, 2017

Platform: Windows

Summary

Foxit has released Foxit PDF Toolkit 2.0, which addresses a potential security issue.

Affected versions

Product

Affected versions

Platform

Foxit PDF Toolkit

1.3

Windows

Solution

Update Foxit PDF Toolkit to the latest version by clicking here to download it from our website.


Vulnerability details

Brief

Acknowledgement

Addressed a potential issue where the application could be exposed to a memory corruption vulnerability when parsing PDF files, which could cause remote code execution (CVE-2017-5364).

Kushal Arvind Shah of Fortinet's FortiGuard Labs

Security updates available in Foxit Reader 8.1.1 and Foxit PhantomPDF 8.1.1

 

Release date: November 17, 2016

Platform: Windows

Summary

Foxit has released Foxit Reader 8.1.1 and Foxit PhantomPDF 8.1.1, which address potential security and stability issues.

Affected versions

Product

Affected versions

Platform

Foxit Reader

8.1.0.1013 and earlier

Windows

Foxit PhantomPDF

8.1.0.1013 and earlier

Windows

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” tab of Foxit Reader or Foxit PhantomPDF, click on “Check for Updates” and update to the latest version.
  • Click here to download the updated version of Foxit Reader from our website.
  • Click here to download the updated version of Foxit PhantomPDF from our website.

Vulnerability details

Brief

Acknowledgement

Addressed potential issues where the application could be exposed to a JPEG2000 Parsing Out-of-Bounds Read vulnerability, which could lead to information disclosure.

Gogil of STEALIEN working with
Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could be exposed to a JPEG2000 Parsing Use-After-Free vulnerability, which could be leveraged by attackers to execute remote code.

Gogil of STEALIEN working with
Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could be exposed to a JPEG2000 Parsing Heap-Based Buffer Overflow vulnerability, which could be exploited by attackers to execute remote code.

Gogil of STEALIEN working with
Trend Micro's Zero Day Initiative

For more information, please contact the Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit Reader 8.1 and Foxit PhantomPDF 8.1

 

Release date: October 18, 2016

Platform: Windows

Summary

Foxit has released Foxit Reader 8.1 and Foxit PhantomPDF 8.1, which address potential security and stability issues.

Affected versions

Product

Affected versions

Platform

Foxit Reader

8.0.5 and earlier

Windows

Foxit PhantomPDF

8.0.5 and earlier

Windows

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” tab of Foxit Reader or Foxit PhantomPDF, click on “Check for Updates (Now)” and update to the latest version.
  • Click here to download the updated version of Foxit Reader from our website.
  • Click here to download the updated version of Foxit PhantomPDF from our website.

Vulnerability details

Brief

Acknowledgement

Addressed potential issues where the application could be exposed to a Heap Corruption vulnerability, which could be exploited by attackers to execute arbitrary code.

Dmitri Kaslov
Ke Liu of Tencent’s Xuanwu LAB

Addressed potential issues where the application could be exposed to a Use-After-Free vulnerability, which could be leveraged by attackers to execute arbitrary code.

Dmitri Kaslov
Steven Seeley of Source Incite
Rocco Calvi

Addressed potential issues where the application could be exposed to an Out-of-Bounds Read or Out-of-Bounds Write vulnerability, which could lead to remote code execution or information disclosure.

Ke Liu of Tencent’s Xuanwu LAB
Rocco Calvi
kdot working with Trend Micro's Zero Day Initiative
Soiax working with Trend Micro's Zero Day Initiative
Dmitri Kaslov
Steven Seeley of Source Incite working with Trend Micro's Zero Day
SkyLined and Soiax working with Trend Micro's Zero Day Initiative
Aleksandar Nikolic of Cisco Talos

Addressed a potential issue where the application could be exposed to a Null Pointer Dereference vulnerability, which could cause the application to crash unexpectedly.

Dmitri Kaslov

Addressed potential issues where the application could be exposed to Heap Buffer Overflow vulnerability, which could lead to remote code execution.

kdot working with Trend Micro's Zero Day Initiative
Ke Liu of Tencent’s Xuanwu LAB
SkyLined and Soiax working with Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could be exposed to an Integer Overflow vulnerability, which could lead to remote code execution.

kdot working with Trend Micro's Zero Day Initiative

For more information, please contact the Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit Reader for Mac and Linux 2.2

 

Release date: October 18, 2016

Platform: Mac OS X/Linux

Summary

Foxit has released Foxit Reader for Mac and Linux 2.2, which address potential security and stability issues.

Affected versions

Product

Affected versions

Platform

Foxit Reader

2.1.0.0805 and earlier

Linux

Foxit Reader

2.1.0.0804 and earlier

Mac OS X

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” tab of Foxit Reader, click on “Check for Updates Now” and update to the latest version.
  • Click here to download the updated version of Foxit Reader from our website.

Vulnerability details

Brief

Acknowledgement

Addressed potential issues where the application could be exposed to a local privilege escalation vulnerability due to the weak file permissions, which could be exploited by attackers to execute arbitrary code(CVE-2016-8856).

c0dist (Garage4Hackers)

For more information, please contact the Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit Reader for Windows 8.0.2, Foxit Reader for Mac/Linux 2.1, and Foxit PhantomPDF 8.0.2

 

Release date: August 8, 2016

Platform: Windows, Mac OS X, Linux

Summary

Foxit has released Foxit Reader for Windows 8.0.2, Foxit Reader for Mac/Linux 2.1, and Foxit PhantomPDF 8.0.2, which address security and stability issues.

Affected versions

Product

Affected versions

Platform

Foxit Reader

8.0.0.624 and earlier

Windows

Foxit Reader

2.0.0.0625 and earlier

Mac OS X

Foxit Reader

1.1.1.0602 and earlier

Linux

Foxit PhantomPDF

8.0.1.628 and earlier

Windows

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” tab of Foxit Reader or Foxit PhantomPDF, click on “Check for Updates (Now)” and update to the latest version.
  • Click here to download the updated version of Foxit Reader from our website.
  • Click here to download the updated version of Foxit PhantomPDF from our website..

Vulnerability details

Brief

Acknowledgement

Addressed potential issues where the application could be exposed to a TIFF Parsing Out-of-Bounds Read/Write vulnerability, which could be leveraged by attackers to execute remote code or leak information.

Ke Liu of Tencent’s Xuanwu LAB
Steven Seeley of Source Incite
5206560A306A2E085A437FD258EB57CE working with Trend Micro's Zero Day Initiative
Steven Seeley of Source Incite working with Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could be exposed to a Use-After-Free vulnerability when attempting to parse malformed FlateDecode Streams, which could be leveraged by attackers to leak sensitive information or execute remote code.

Rocco Calvi and Steven Seeley of Source Incite

Addressed potential issues where the application could be exposed to an Out-Of-Bounds Read/Write vulnerability when parsing JPEG2000 files, which could be leveraged by attackers to leak information or execute remote code.

kdot working with Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could be exposed to memory corruption vulnerability when parsing JPEG2000 files, which could cause remote code execution.

Ke Liu of Tencent’s Xuanwu LAB

Addressed a potential issue where the application could be exposed to a DLL hijacking vulnerability that could allow an unauthenticated remote attacker to execute arbitrary code on the targeted system.

Himanshu Mehta

Addressed potential issues where the application could be exposed to a JPXDecode Out-of-Bounds Read/Write vulnerability when processing specially crafted PDF files with malformed JPXDecode streams, which could cause information leak or remote code execution (CVE-2016-6867).

Steven Seeley of Source Incite
Kai Lu of Fortinet's FortiGuard Labs

Addressed a potential issue where the application could be exposed to an Out-of-Bounds Read vulnerability when processing specially crafted BMP files, which could cause information leak.

Steven Seeley of Source Incite 5206560A306A2E085A437FD258EB57CE working with Trend Micro's Zero Day Initiative

Addressed a potential memory corruption vulnerabilities which could cause the application to crash unexpectedly (CVE-2016-6868).

Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent
Kai Lu of Fortinet's FortiGuard Labs

For more information, please contact the Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit Reader and Foxit PhantomPDF 8.0

 

Release date: June 27, 2016

Platform: Windows

Summary

Foxit has released Foxit Reader and Foxit PhantomPDF 8.0, which address security and stability issues.

Affected versions

Product

Affected versions

Platform

Foxit Reader

7.3.4.311 and earlier

Windows

Foxit PhantomPDF

7.3.4.311 and earlier

Windows

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” tab of Foxit Reader or Foxit PhantomPDF, click on “Check for Update” and update to the latest version.
  • Click here to download the updated version of Foxit Reader from our website.
  • Click here to download the updated version of Foxit PhantomPDF from our website.

Vulnerability details

Brief

Acknowledgement

Addressed a potential issue where the application could be exposed to a Use-After-Free Remote Code Execution vulnerability when opening a XFA file whose layout direction is set as “lr-tb”.

Rocco Calvi

Addressed a potential issue where the application could be exposed to a FlatDecode Use-After-Free Remote Code Execution vulnerability when parsing the inline image in certain PDF file (CVE-2016-6168).

Steven Seeley of Source Incite, working with Trend Micro's Zero Day Initiative
Kushal Arvind Shah of Fortinet's FortiGuard Labs

Addressed a potential issue where the application could be exposed to a Safe Mode Bypass Information Disclosure vulnerability when handling SWF content that is embedded in a PDF file, which could be leveraged by attackers to access user’s local files or remote resources.

Björn Ruytenberg working with Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could be exposed to an exportData Restrictions Bypass Remote Code Execution vulnerability, which could be leveraged by attackers to execute a malicious file.

insertscript working with Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could be exposed to a ConvertToPDF TIFF Parsing Out-of-Bounds Write Remote Code Execution vulnerability when converting certain TIFF file to PDF file.

Steven Seeley of Source Incite working with Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could be exposed to a JPEG Parsing Out-of-Bounds Read Information Disclosure vulnerability when converting a JPEG file that contains incorrect EXIF data to PDF file.

AbdulAziz Hariri - Trend Micro Zero Day Initiative working with Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could be exposed to a JPEG Parsing Out-of-Bounds Read Information Disclosure vulnerability when parsing a JPEG image with corrupted color component in a PDF file.

kdot working with Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could be exposed to a ConvertToPDF GIF Parsing Out-of-Bounds Write Remote Code Execution vulnerability when converting certain GIF file to PDF file.

kdot working with Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could be exposed to a ConvertToPDF BMP Parsing Out-of-Bounds Write Remote Code Execution vulnerability or a ConvertToPDF BMP Parsing Out-of-Bounds Read Information Disclosure vulnerability when converting a BMP file to PDF file.

kdot and anonymous working with Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could be exposed to an Out-of-Bounds Read vulnerability which could be leveraged by attackers to execute remote code under the context of the current process.

Ke Liu of Tencent’s Xuanwu LAB

Addressed a potential issue where the application could be exposed to a Heap Buffer Overflow Remote Code Execution vulnerability when processing specially crafted TIFF files with large SamplesPerPixel values.

Steven Seeley of Source Incite

Addressed a potential issue where the application could be exposed to a Stack Buffer Overflow Remote Code Execution vulnerability when parsing an unusually long GoToR string.

Abdul-Aziz Hariri of Trend Micro Zero Day Initiative, working with Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could crash unexpectedly when parsing a PDF file that contains messy code in its image description.

Rocco Calvi and Steven Seeley of Source Incite, working with Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could be exposed to a Pattern Uninitialized Pointer Remote Code Execution vulnerability when processing a stretched image in certain PDF files.

Steven Seeley of Source Incite, working with Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could be exposed to a Heap Overflow vulnerability when parsing the content of a PDF file containing incorrect Bezier data (CVE-2016-6169).

Kai Lu of Fortinet's FortiGuard Labs

For more information, please contact the Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit Reader for Linux 1.1.1

 

Release date: June 12, 2016

Platform: Linux

Summary

Foxit has released Foxit Reader for Linux 1.1.1, which addresses security and stability issues.

Affected versions

Product

Affected versions

Platform

Foxit Reader

1.1.0.0225 and earlier

Linux

Solution

Update your application to the latest versions by following one of the instructions below.

  • From the “Help” menu of Foxit Reader, click on “Check for Updates Now” and update to the latest version.
  • Click here to download the updated version of Foxit Reader from our website.

Vulnerability details

Brief

Acknowledgement

Addressed potential issues where the application could crash unexpectedly due to memory corruption or invalid read when opening a specially crafted PDF file, which could be leveraged by attackers to execute a controlled crash.

Mateusz Jurczyk of Google Project Zero

For more information, please contact the Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit PhantomPDF 7.3.11

 

Release date: November 30, 2016

Platform: Windows

Summary

Foxit has released Foxit PhantomPDF 7.3.11, which address security vulnerabilities that could potentially allow an attacker to execute remote code.

Affected versions

Product

Affected versions

Platform

Foxit PhantomPDF

7.3.9.816 and earlier

Windows

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” tab of Foxit PhantomPDF, go to “Check for Update” and update to the latest version.
  • Click here to download the updated version of Foxit PhantomPDF.

Vulnerability details

Brief

Acknowledgement

Addressed potential issues where the application could be exposed to a JPEG2000 Parsing Out-of-Bounds Read vulnerability, which could lead to information disclosure.

Gogil of STEALIEN working with
Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could be exposed to a JPEG2000 Parsing Use-After-Free vulnerability, which could be leveraged by attackers to execute remote code.

Gogil of STEALIEN working with
Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could be exposed to a JPEG2000 Parsing Heap-Based Buffer Overflow vulnerability, which could be exploited by attackers to execute remote code.

Gogil of STEALIEN working with
Trend Micro's Zero Day Initiative

Addressed potential issues where the application could be exposed to a Heap Corruption vulnerability, which could be exploited by attackers to execute arbitrary code.

Dmitri Kaslov
Ke Liu of Tencent’s Xuanwu LAB

Addressed potential issues where the application could be exposed to a Use-After-Free vulnerability, which could be leveraged by attackers to execute arbitrary code.

Dmitri Kaslov
Steven Seeley of Source Incite
Rocco Calvi

Addressed potential issues where the application could be exposed to an Out-of-Bounds Read or Out-of-Bounds Write vulnerability, which could lead to remote code execution or information disclosure.

Ke Liu of Tencent’s Xuanwu LAB
Rocco Calvi
kdot working with Trend Micro's Zero
Day Initiative
Soiax working with Trend Micro's Zero
Day Initiative
Dmitri Kaslov
Steven Seeley of Source Incite working
with Trend Micro's Zero Day
SkyLined and Soiax working with Trend
Micro's Zero Day Initiative
Aleksandar Nikolic of Cisco Talos

Addressed a potential issue where the application could be exposed to a Null Pointer Dereference vulnerability, which could cause the application to crash unexpectedly.

Dmitri Kaslov

Addressed potential issues where the application could be exposed to Heap Buffer Overflow vulnerability, which could lead to remote code execution.

kdot working with Trend Micro's Zero
Day Initiative
Ke Liu of Tencent’s Xuanwu LAB
SkyLined and Soiax working with Trend
Micro's Zero Day Initiative

Addressed a potential issue where the application could be exposed to an Integer Overflow vulnerability, which could lead to remote code execution.

kdot working with Trend Micro's Zero
Day Initiative

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit PhantomPDF 7.3.9

 

Release date: August 22, 2016

Platform: Windows

Summary

Foxit has released Foxit PhantomPDF 7.3.9, which address security vulnerabilities that could potentially allow an attacker to execute remote code.

Affected versions

Product

Affected versions

Platform

Foxit PhantomPDF

7.3.4.311 and earlier

Windows

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” tab of Foxit PhantomPDF, go to “Check for Update” and update to the latest version.
  • Click here to download the updated version of Foxit PhantomPDF.

Vulnerability details

Brief

Acknowledgement

Addressed potential issues where the application could be exposed to a TIFF Parsing Out-of-Bounds Read/Write vulnerability, which could be leveraged by attackers to execute remote code or leak information.

Ke Liu of Tencent’s Xuanwu LAB
Steven Seeley of Source Incite
5206560A306A2E085A437FD258EB57CE working with Trend Micro's Zero Day Initiative
Steven Seeley of Source Incite working with Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could be exposed to a Use-After-Free vulnerability when attempting to parse malformed FlateDecode Streams, which could be leveraged by attackers to leak sensitive information or execute remote code.

Rocco Calvi and Steven Seeley of Source Incite

Addressed potential issues where the application could be exposed to an Out-Of-Bounds Read/Write vulnerability when parsing JPEG2000 files, which could be leveraged by attackers to leak information or execute remote code.

kdot working with Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could be exposed to memory corruption vulnerability when parsing JPEG2000 files, which could cause remote code execution.

Ke Liu of Tencent’s Xuanwu LAB

Addressed a potential issue where the application could be exposed to a DLL hijacking vulnerability that could allow an unauthenticated remote attacker to execute arbitrary code on the targeted system.

Himanshu Mehta

Addressed potential issues where the application could be exposed to a JPXDecode Out-of-Bounds Read/Write vulnerability when processing specially crafted PDF files with malformed JPXDecode streams, which could cause information leak or remote code execution (CVE-2016-6867).

Steven Seeley of Source Incite
Kai Lu of Fortinet's FortiGuard Labs

Addressed a potential issue where the application could be exposed to an Out-of-Bounds Read vulnerability when processing specially crafted BMP files, which could cause information leak.

Steven Seeley of Source Incite
5206560A306A2E085A437FD258EB57CE working with Trend Micro's Zero Day Initiative

Addressed a potential memory corruption vulnerabilities which could cause the application to crash unexpectedly (CVE-2016-6868).

Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent
Kai Lu of Fortinet's FortiGuard Labs

Addressed a potential issue where the application could be exposed to a Use-After-Free Remote Code Execution vulnerability when opening a XFA file whose layout direction is set as “lr-tb”.

Rocco Calvi

Addressed a potential issue where the application could be exposed to a FlatDecode Use-After-Free Remote Code Execution vulnerability when parsing the inline image in certain PDF file (CVE-2016-6168).

Steven Seeley of Source Incite, working with Trend Micro's Zero Day Initiative
Kushal Arvind Shah of Fortinet's FortiGuard Labs

Addressed a potential issue where the application could be exposed to a Safe Mode Bypass Information Disclosure vulnerability when handling SWF content that is embedded in a PDF file, which could be leveraged by attackers to access user’s local files or remote resources.

Björn Ruytenberg working with Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could be exposed to an exportData Restrictions Bypass Remote Code Execution vulnerability, which could be leveraged by attackers to execute a malicious file.

insertscript working with Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could be exposed to a ConvertToPDF TIFF Parsing Out-of-Bounds Write Remote Code Execution vulnerability when converting certain TIFF file to PDF file.

Steven Seeley of Source Incite working with Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could be exposed to a JPEG Parsing Out-of-Bounds Read Information Disclosure vulnerability when converting a JPEG file that contains incorrect EXIF data to PDF file.

AbdulAziz Hariri - Trend Micro Zero Day Initiative working with Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could be exposed to a JPEG Parsing Out-of-Bounds Read Information Disclosure vulnerability when parsing a JPEG image with corrupted color component in a PDF file.

kdot working with Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could be exposed to a ConvertToPDF GIF Parsing Out-of-Bounds Write Remote Code Execution vulnerability when converting certain GIF file to PDF file.

kdot working with Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could be exposed to a ConvertToPDF BMP Parsing Out-of-Bounds Write Remote Code Execution vulnerability or a ConvertToPDF BMP Parsing Out-of-Bounds Read Information Disclosure vulnerability when converting a BMP file to PDF file.

kdot and anonymous working with Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could be exposed to an Out-of-Bounds Read vulnerability which could be leveraged by attackers to execute remote code under the context of the current process.

Ke Liu of Tencent’s Xuanwu LAB

Addressed a potential issue where the application could be exposed to a Heap Buffer Overflow Remote Code Execution vulnerability when processing specially crafted TIFF files with large SamplesPerPixel values.

Steven Seeley of Source Incite

Addressed a potential issue where the application could be exposed to a Stack Buffer Overflow Remote Code Execution vulnerability when parsing an unusually long GoToR string.

Abdul-Aziz Hariri of Trend Micro Zero Day Initiative, working with Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could crash unexpectedly when parsing a PDF file that contains messy code in its image description.

Rocco Calvi and Steven Seeley of Source Incite, working with Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could be exposed to a Pattern Uninitialized Pointer Remote Code Execution vulnerability when processing a stretched image in certain PDF files.

Steven Seeley of Source Incite, working with Trend Micro's Zero Day Initiative

Addressed a potential issue where the application could be exposed to a Heap Overflow vulnerability when parsing the content of a PDF file containing incorrect Bezier data (CVE-2016-6169).

Kai Lu of Fortinet's FortiGuard Labs

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit Reader and Foxit PhantomPDF 7.3.4

 

Release date: March 16, 2016

Platform: Windows

Summary

Foxit has released Foxit Reader and Foxit PhantomPDF 7.3.4, which address security vulnerabilities that could potentially allow an attacker to execute remote code.

Affected versions

Product

Affected versions

Platform

Foxit Reader

7.3.0.118 and earlier

Windows

Foxit PhantomPDF

7.3.0.118 and earlier

Windows

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” tab of Foxit Reader or Foxit PhantomPDF, go to “Check for Update” and update to the latest version.
  • Click here to download the updated version of Foxit Reader.
  • Click here to download the updated version of Foxit PhantomPDF.

Vulnerability details

Brief

Acknowledgement

Addressed a potential issue where the application could still use the pointer after the object it pointed had been removed, which could cause an application crash.

Mateusz Jurczyk, Google Project Zero

Addressed a potential issue where the application could crash caused by the error in parsing malformed content stream.

Ke Liu of Tencent’s Xuanwu LAB

Addressed a potential issue where the application recursively called the format error of some PDFs and led to no response when opening the PDF.

Ke Liu of Tencent’s Xuanwu LAB

Addressed a potential issue where the application could not parse the image content in the document normally.

Jaanus Kp, Clarified Security, working with Trend Micro's Zero Day Initiative (ZDI)

Addressed a potential issue where the destructor of the object whose generation number is -1 in the PDF file could release the file handle which had been imported by the application layer.

Mario Gomes(@NetFuzzer), working with Trend Micro's Zero Day Initiative (ZDI)

Addressed a potential issue where the application could crash caused by the error in decoding corrupted images during PDF conversion with the gflags app enabled.

AbdulAziz Hariri, working with Trend Micro's Zero Day Initiative (ZDI)

Addressed a potential issue where XFA’s underlying data failed to synchronize with that of PhantomPDF/Reader caused by the re-layout underlying XFA.

kdot, working with Trend Micro's Zero Day Initiative (ZDI)

Addressed a potential issue where the application could call JavaScripts to do Save As or Print when closing the document.

AbdulAziz Hariri, working with Trend Micro's Zero Day Initiative (ZDI)

Addressed a potential issue where the TimeOut function responded incorrectly and could cause the application crash.

AbdulAziz Hariri, working with Trend Micro's Zero Day Initiative (ZDI)

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit Reader and Foxit PhantomPDF 7.3

 

Release date: Jan. 20, 2016

Platform: Windows

Summary

Foxit has released Foxit Reader and Foxit PhantomPDF 7.3, which address security vulnerabilities that could potentially allow an attacker to execute remote code.

Affected versions

Product

Affected versions

Platform

Foxit Reader

7.2.8.1124 and earlier

Windows

Foxit PhantomPDF

7.2.2.929 and earlier

Windows

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” tab of Foxit Reader or Foxit PhantomPDF, go to “Check for Update” and update to the latest version.
  • Click here to download the updated version of Foxit Reader.
  • Click here to download the updated version of Foxit PhantomPDF.

Vulnerability details

Brief

Acknowledgement

Addressed a potential issue where the application could be exposed to the Font Parsing Use-After-Free Remote Code Execution Vulnerability.

Mario Gomes(@NetFuzzer), working with HP's Zero Day Initiative

Addressed a potential issue where the application could be exposed to the Global setPersistent Use-After-Free Remote Code Execution Vulnerability.

AbdulAziz Hariri, HPE Zero Day Initiative, working with HP's Zero Day Initiative

Addressed a potential issue where the application could be exposed to the WillClose Action Use-After-Free Remote Code Execution Vulnerability.

AbdulAziz Hariri, HPE Zero Day Initiative, working with HP's Zero Day Initiative

Addressed a potential issue where the application could be exposed to remote code execution vulnerability when opening certain PDF file with images.

Rocco Calvi, working with HP's Zero Day Initiative

Addressed a potential issue where the application could be exposed to XFA FormCalc Replace Integer Overflow Vulnerability.

HPE Zero Day Initiative, working with HP's Zero Day Initiative

Addressed a potential issue where the application could be exposed to Remote Code Execution Vulnerability due to JBIG2 Out-of-Bounds Read.

kdot, working with HP's Zero Day Initiative

Addressed a potential issue where the application could crash unexpectedly when parsing certain PDF files that contain malformed images.

Francis Provencher, COSIG

Addressed a potential issue where the application could crash unexpectedly when converting certain image with incorrect image data.

kdot, working with HP's Zero Day Initiative

Addressed a potential Microsoft Windows Gdiplus GpRuntime::GpLock::GpLock Use-After-Free Remote Code Execution Vulnerability.

Jaanus Kp, Clarified Security, working with HP's Zero Day Initiative

Addressed a potential issue where the application could be exposed to DLL hijacking vulnerability when trying to load xpsp2res.dll or phoneinfo.dll.

Ke Liu of Tencent’s Xuanwu LAB

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit Reader and Foxit PhantomPDF 7.2.2

 

Release date: October 8, 2015

Platform: Windows

Summary

Foxit has released Foxit Reader and Foxit PhantomPDF 7.2.2, which fixed some security issues where the application could be exposed to some vulnerabilities or crash unexpectedly.

Affected versions

Product

Affected versions

Platform

Foxit Reader

7.2.0.722 and earlier

Windows

Foxit PhantomPDF

7.2.0.722 and earlier

Windows

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” tab of Foxit Reader or Foxit PhantomPDF, go to “Check for Update” and update to the latest version.
  • Click here to download the updated version of Foxit Reader.
  • Click here to download the updated version of Foxit PhantomPDF.

Vulnerability details

Brief

Acknowledgement

Addressed a potential issue where attacker could exploit a Foxit Cloud Plugin vulnerability to execute arbitrary code.

Zhipeng Huo of Tencent's Xuanwu Lab

Addressed a potential issue where the application could crash unexpectedly when opening certain secured PDF files.

kdot, working with HP's Zero Day Initiative

Addressed a potential issue where the application could crash unexpectedly when opening a PDF file that contains incorrect gif data while being debugged by GFlags.exe.

Jaanus Kp of Clarified Security, working with HP's Zero Day Initiative

Addressed a potential issue where the application could crash unexpectedly when opening a PDF file that contains incorrect inline image while being debugged by GFlags.exe.

Jaanus Kp of Clarified Security, working with HP's Zero Day Initiative

Addressed a potential issue where the application could be exposed to an Out-of-Bounds Read Vulnerability when opening certain XFA forms.

Jaanus Kp of Clarified Security, working with HP's Zero Day Initiative

Addressed a potential issue where the application could crash unexpectedly when printing certain PDF files.

AbdulAziz Hariri, working with HP's Zero Day Initiative

Addressed a potential issue where the application could crash unexpectedly when saving certain PDF files.

AbdulAziz Hariri, working with HP's Zero Day Initiative

Addressed a potential issue where the application could be exposed to Foxit Cloud Update Service Local Privilege Escalation Vulnerability.

AbdulAziz Hariri and Jasiel Spelman, working with HP's Zero Day Initiative

Addressed a potential issue where the application could be exposed to Use-After-Free Vulnerability when executing print() or referencing App after closing the document.

AbdulAziz Hariri, working with HP's Zero Day Initiative

Addressed a potential issue where the application could crash unexpectedly due to recursive reference.

Guillaume Endignoux of ANSSI

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit Reader and Foxit PhantomPDF 7.2

 

Release date: July 29, 2015

Platform: Windows

Summary

Foxit has released Foxit Reader and Foxit PhantomPDF 7.2, which address security vulnerabilities that could potentially allow an attacker to execute remote code.

Affected versions

Product

Affected versions

Platform

Foxit Reader

7.1.5.425 and earlier

Windows

Foxit Enterprise Reader

7.1.5.425 and earlier

Windows

Foxit PhantomPDF

7.1.5.425 and earlier

Windows

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” tab of Foxit Reader or Foxit PhantomPDF, go to “Check for Update” and update to the latest version.
  • Click here to download the updated version of Foxit Reader.
  • Click here to download the updated version of Foxit PhantomPDF.

Vulnerability details

Brief

Acknowledgement

Addressed a potential issue where attackers could exploit a PDF creator plugin vulnerability to execute arbitrary code.

Sascha Schirra

Addressed a potential issue where the applications could be exposed to a remote code execution when converting a TIFF file to PDF file.

Steven Seeley of Source Incite, working with HP's Zero Day Initiative

Addressed a potential issue where the applications could be exposed to a remote code execution vulnerability when converting a GIF file to PDF file.

Steven Seeley of Source Incite, working with HP's Zero Day Initiative

Addressed a potential issue where memory corruption may occur when opening certain XFA forms.

Kai Lu of Fortinet's FortiGuard Labs

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit MobilePDF for Android 3.3.2

 

Release date: May 18, 2015

Platform: Android

Summary

Foxit has released Foxit MobilePDF for Android 3.3.2, which addresses a security vulnerability that could potentially allow an attacker to intercept the username and password of user’s cloud service.

Affected versions

Product

Affected versions

Platform

Foxit MobilePDF for Android

3.3.1 and earlier

Android

Foxit MobilePDF Business for Android

3.3.1 and earlier

Android

Solution

Update your applications to the latest versions by following one of the instructions below.

  • Click here to download the updated version of Foxit MobilePDF for Android.
  • Click here to download the updated version of Foxit MobilePDF Business for Android.

Vulnerability details

Brief

Acknowledgement

Addressed a potential issue where credentials of cloud services may be exposed to MITM attackers when users log in the cloud services from within Foxit MobilePDF.

Sam Bowne

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit Reader, Foxit Enterprise Reader, and Foxit PhantomPDF 7.1.5

 

Release date: April 24, 2015

Platform: Windows

Summary

Foxit has released Foxit Reader, Foxit Enterprise Reader, and Foxit PhantomPDF 7.1.5, which address security vulnerabilities that could potentially allow an attacker to execute controlled crash.

Affected versions

Product

Affected versions

Platform

Foxit Reader

7.1.0.306 and 7.1.3.320

Windows

Foxit Enterprise Reader

7.1.0.306 and 7.1.3.320

Windows

Foxit PhantomPDF

7.1.0.306, 7.1.2.311, 7.1.3.320

Windows

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” tab of Foxit Reader, Foxit Enterprise Reader, or Foxit PhantomPDF, go to “Check for Update” and update to the latest version.
  • Click here to download the updated version of Foxit Reader.
  • Click here to download the updated version of Foxit Enterprise Reader.
  • Click here to download the updated version of Foxit PhantomPDF.

Vulnerability details

Brief

Acknowledgement

Addressed a potential issue where memory corruption may occur when parsing a PDF file that contains an invalid stream.

Francis Provencher of Protek Research Lab's

Addressed a potential issue where memory corruption may occur during digital signature verification.

Kai Lu of Fortinet's FortiGuard Labs

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit Reader, Foxit Enterprise Reader, and Foxit PhantomPDF 7.1

 

Release date: March 9, 2015

Platform: Windows

Summary

Foxit has released Foxit Reader, Foxit Enterprise Reader, and Foxit PhantomPDF 7.1, which address security vulnerabilities that could potentially allow an attacker to execute malicious file or controlled crash.

Affected versions

Product

Affected versions

Platform

Foxit Reader

7.0.6.1126 and earlier

Windows

Foxit Enterprise Reader

7.0.6.1126 and earlier

Windows

Foxit PhantomPDF

7.0.6.1126 and earlier

Windows

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” tab of Foxit Reader, Foxit Enterprise Reader, or Foxit PhantomPDF, go to “Check for Update” and update to the latest version.
  • Click here to download the updated version of Foxit Reader.
  • Click here to download the updated version of Foxit Enterprise Reader.
  • Click here to download the updated version of Foxit PhantomPDF.

Vulnerability details

Brief

Acknowledgement

Addressed a potential issue where attackers could exploit a Foxit Cloud plugin vulnerability to execute malicious files.

Aljaz Ceru of InSec

Addressed a potential issue where memory corruption may occur when converting a GIF file with an invalid value in LZWMinimumCodeSize, which could lead to a controlled crash execution.

Francis Provencher of Protek Research Lab's

Addressed a potential issue where memory corruption may occur when converting a GIF file with an invalid value in Ubyte Size in its DataSubBlock Structure, which could lead to a controlled crash execution.

Francis Provencher of Protek Research Lab's

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit PDF SDK ActiveX 5.0.2.924

 

Release date: September 29, 2014

Platform: Windows

Summary

Foxit has released Foxit PDF SDK ActiveX 5.0.2.924, which addresses a security vulnerability where applications built on Foxit PDF SDK ActiveX could be exposed to Buffer Overflow.

Affected versions

Product

Affected versions

Platform

Foxit PDF SDK ActiveX

2.3 to 5.0.1.820

Windows

Solution

Please contact our support team via support@foxitsoftware.com or 1-866-693-6948 (24/7) to upgrade to Foxit PDF SDK ActiveX 5.0.2.924.


Vulnerability details

Brief

Acknowledgement

Addressed a potential issue where applications built on Foxit PDF SDK ActiveX may be exposed to Buffer Overflow when invoking “SetLogFile ()” method.

Andrea Micalizzi (rgod), working with Hewlett-Packard's Zero Day Initiative (ZDI)

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit Reader, Foxit Enterprise Reader, and Foxit PhantomPDF 6.2.1

 

Release date: July 1, 2014

Platform: Windows

Summary

Foxit has released Foxit Reader, Foxit Enterprise Reader, and Foxit PhantomPDF 6.2.1 which address a security vulnerability that could potentially allow an attacker to execute malicious file.

Affected versions

Product

Affected versions

Platform

Foxit Reader

6.2.0.429 and earlier

Windows

Foxit Enterprise Reader

6.2.0.429 and earlier

Windows

Foxit PhantomPDF

6.2.0.429 and earlier

Windows

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” tab of Foxit Reader, Foxit Enterprise Reader, or Foxit PhantomPDF, go to “Check for Update” and update to the latest version.
  • Click here to download the updated version of Foxit Reader.
  • Click here to download the updated version of Foxit Enterprise Reader.
  • Click here to download the updated version of Foxit PhantomPDF.

Vulnerability details

Brief

Acknowledgement

Addressed a potential issue caused by the Stored XSS vulnerability when reading and displaying filenames and their paths on the “Recent Documents” section from the Start Page.

Bernardo Rodrigues

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit PDF SDK DLL 3.1.1.5005

 

Release date: March 9, 2015

Platform: Windows

Summary

Foxit has released Foxit PDF SDK DLL 3.1.1.5005, which addresses a security vulnerability that could potentially allow an attacker to execute remote code.

Affected versions

Product

Affected versions

Platform

Foxit PDF SDK DLL

3.1.1.2927 and earlier

Windows

Solution

Please contact our support team via support@foxitsoftware.com or 1-866-693-6948 (24/7) to upgrade to Foxit PDF SDK DLL 3.1.1.5005.


Vulnerability details

Brief

Acknowledgement

Addressed a potential issue where applications built on Foxit PDF SDK DLL may be exposed to Buffer Overflow Remote Code Execution Vulnerability when invoking “FPDFBookmark_GetTitle()” method.

Hewlett-Packard’s Zero Day Initiative (ZDI)

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit Reader 6.1.4

 

Release date: February 19, 2014

Platform: Windows

Summary

Foxit has released Foxit Reader 6.1.4, which addresses a security vulnerability that could potentially allow an attacker to execute malicious file.

Affected versions

Product

Affected versions

Platform

Foxit Reader

6.1.2.1224

Windows

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” tab of Foxit Reader, go to “Check for Update” and update to the latest version.
  • Click here to download the updated version of Foxit Reader.

Vulnerability details

Brief

Acknowledgement

Addressed a potential issue where Foxit Reader tried to load imgseg.dll, which could be exploited.

Hossam Hosam

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit Reader 5.4.5 and Foxit PhantomPDF 5.4.3

 

Release date: February 7, 2013

Platform: Windows

Summary

Foxit has released Foxit Reader 5.4.5 and Foxit PhantomPDF 5.4.3, which address a security vulnerability that could potentially allow an attacker to execute arbitrary code.

Affected versions

Product

Affected versions

Platform

Foxit Reader

5.4.4 and earlier

Windows

Foxit PhantomPDF

5.4.2 and earlier

Windows

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” menu of Foxit Reader or Foxit PhantomPDF, go to “Check for Updates Now” and update to the latest version.
  • Click here to download the updated version of Foxit Reader.
  • Click here to download the updated version of Foxit PhantomPDF.

Vulnerability details

Brief

Acknowledgement

Addressed a potential issue where attackers can exploit a web browser plugin vulnerability to execute arbitrary code.

Secunia

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit Advanced PDF Editor 3.0.4.0

 

Release date: January 14, 2013

Platform: Windows

Summary

Foxit has released Foxit Advanced PDF Editor 3.0.4.0, which addresses a security vulnerability that could potentially allow an attacker to execute arbitrary code.

Affected versions

Product

Affected versions

Platform

Foxit Advanced PDF Editor

3.0.0.0

Windows

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” menu of Foxit Reader, go to “Check for Updates Now” and update to the latest version.

Vulnerability details

Brief

Acknowledgement

Addressed a potential issue where hackers can run arbitrary code by repairing a STATUS_STACK_BUFFER_OVERRUN exception.

CERT Coordination Center

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit Reader 5.4.3

 

Release date: September 26, 2012

Platform: Windows

Summary

Foxit has released Foxit Reader 5.4.3, which addresses a security vulnerability that could potentially allow an attacker to execute arbitrary code.

Affected versions

Product

Affected versions

Platform

Foxit Reader

5.4.2.0901 and earlier

Windows

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” menu of Foxit Reader, go to “Check for Updates Now” and update to the latest version.
  • Click here to download the updated version.

Vulnerability details

Brief

Acknowledgement

Addressed a potential issue where the insecure application loading libraries could be exploited to attack the application.

Parvez Anwar of Secunia SVCRP

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit Reader 5.4

 

Release date: September 6, 2012

Platform: Windows

Summary

Foxit has released Foxit Reader 5.4, which addresses a security vulnerability that could potentially allow an attacker to execute malicious file.

Affected versions

Product

Affected versions

Platform

Foxit Reader

5.3.1.0606 and earlier

Windows

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” menu of Foxit Reader, go to “Check for Updates Now” and update to the latest version.
  • Click here to download the updated version.

Vulnerability details

Brief

Acknowledgement

Addressed a potential issue where Foxit Reader may call and run malicious code in the Dynamic Link Library (DLL) file.

Remy Brands

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit Reader 5.3

 

Release date: May 3, 2012

Platform: Windows

Summary

Foxit has released Foxit Reader 5.3, which addresses a security vulnerability that could potentially allow an attacker to execute remote code.

Affected versions

Product

Affected versions

Platform

Foxit Reader

5.1.4.0104 and earlier

Windows

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” menu of Foxit Reader, go to “Check for Updates Now” and update to the latest version.
  • Click here to download the updated version.

Vulnerability details

Brief

Acknowledgement

Addressed an issue where users cannot open the attachments of PDF files in XP and Windows7.

John Leitch of Microsoft Vulnerability Research

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit Reader 5.1.3

 

Release date: December 7, 2011

Platform: Windows

Summary

Foxit has released Foxit Reader 5.1.3, which addresses a security vulnerability that could potentially allow an attacker to execute controlled crash.

Affected versions

Product

Affected versions

Platform

Foxit Reader

5.1.0.1021 and earlier

Windows

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” menu of Foxit Reader, go to “Check for Updates Now” and update to the latest version.
  • Click here to download the updated version.

Vulnerability details

Brief

Acknowledgement

Addressed a potential issue caused by the cross-border assignment of an array which may result in memory corruption vulnerabilities when opening certain PDF files.

Alex Garbutt of iSEC Partners, Inc.

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit Reader 5.0.2

 

Release date: July 21, 2011

Platform: Windows

Summary

Foxit has released Foxit Reader 5.0.2, which addresses security vulnerabilities that could potentially allow an attacker to execute arbitrary code.

Affected versions

Product

Affected versions

Platform

Foxit Reader

5.0 and earlier

Windows

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” menu of Foxit Reader, go to “Check for Updates Now” and update to the latest version.
  • Click here to download the updated version.

Vulnerability details

Brief

Acknowledgement

Addressed a potential issue of arbitrary code execution when opening certain PDF files.

Rob Kraus of Security Consulting Services (SCS)

Addressed an issue of Foxit Reader when opening certain PDF files in a web browser.

Dmitriy Pletnev of Secunia Research

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit Reader 5.0

 

Release date: May 26, 2011

Platform: Windows

Summary

Foxit has released Foxit Reader 5.0, which addresses a security vulnerability that could potentially allow an attacker to execute malicious code.

Affected versions

Product

Affected versions

Platform

Foxit Reader

4.3.1.0218 and earlier

Windows

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” menu of Foxit Reader, go to “Check for Updates Now” and update to the latest version.
  • Click here to download the updated version.

Vulnerability details

Brief

Acknowledgement

Addressed an issue of Foxit Reader when opening some affected PDF files.

Brett Gervasoni of Sense of Security Pty Ltd

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit Reader 4.3.1.0218

 

Release date: February 24, 2011

Platform: Windows

Summary

Foxit has released Foxit Reader 4.3.1.0218, which addresses a security vulnerability that could potentially allow an attacker to execute remote code.

Affected versions

Product

Affected versions

Platform

Foxit Reader

4.3 and earlier

Windows

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” menu of Foxit Reader, go to “Check for Updates Now” and update to the latest version.
  • Click here to download the updated version.

Vulnerability details

Brief

Acknowledgement

Addressed an issue of the Foxit Reader software that is caused by illegal accessing memory.

Secunia Research

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit Reader 4.2

 

Release date: September 29, 2010

Platform: Windows

Summary

Foxit has released Foxit Reader 4.2, which addresses a security vulnerability that could potentially allow an attacker to compromise the digital signature.

Affected versions

Product

Affected versions

Platform

Foxit Reader

4.1 and earlier

Windows

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” menu of Foxit Reader, go to “Check for Updates Now” and update to the latest version.
  • Click here to download the updated version.

Vulnerability details

Brief

Acknowledgement

Addressed a potential identity theft issue caused by the security flaw of the digital signature.

Foxit

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit Reader 4.1.1.0805

 

Release date: August 6, 2010

Platform: Windows

Summary

Foxit has released Foxit Reader 4.1.1.0805, which addresses a security vulnerability that could potentially allow an attacker to execute controlled crash.

Affected versions

Product

Affected versions

Platform

Foxit Reader

4.0 and earlier

Windows

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” menu of Foxit Reader, go to “Check for Updates Now” and update to the latest version.
  • Click here to download the updated version.

Vulnerability details

Brief

Acknowledgement

Addressed a potential crash issue caused by the new iPhone/iPad jailbreak program efficiently and prevents the malicious attacks to your computer.

Foxit

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit Reader 4.0.0.0619

 

Release date: June 29, 2010

Platform: Windows

Summary

Foxit has released Foxit Reader 4.0.0.0619, which addresses a security vulnerability that could potentially allow an attacker to execute controlled crash.

Affected versions

Product

Affected versions

Platform

Foxit Reader

4.0 and earlier

Windows

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” menu of Foxit Reader, go to “Check for Updates Now” and update to the latest version.
  • Click here to download the updated version.

Vulnerability details

Brief

Acknowledgement

Addressed a potential issue caused by numerical overflow in the freetype engine when opening some PDF files.

David Seidman of Microsoft and Microsoft Vulnerability Research (MSVR)

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit Reader 3.2.1.0401

 

Release date: April 1, 2010

Platform: Windows

Summary

Foxit has released Foxit Reader 3.2.1.0401, which addresses a security vulnerability that could potentially allow an attacker to execute the embedded program inside a PDF.

Affected versions

Product

Affected versions

Platform

Foxit Reader

3.2.0.0303

Windows

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” menu of Foxit Reader, go to “Check for Updates Now” and update to the latest version.
  • Click here to download the updated version.

Vulnerability details

Brief

Acknowledgement

Addressed a potential issue that Foxit Reader runs an executable embedded program inside a PDF automatically without asking for user's permission.

Didier Stevens

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Firefox Plugin 1.1.2009.1117 for Foxit Reader

 

Release date: November 17, 2009

Platform: Windows

Summary

Foxit has released Firefox Plugin 1.1.2009.1117 for Foxit Reader, which addresses memory corruption vulnerability.

Affected versions

Product

Affected versions

Platform

Foxit Reader

3.1.2.1013 and 3.1.2.1030

Windows

Solution

  • Click here to download the updated version of Firefox Plugin for Foxit Reader.

Vulnerability details

Brief

Acknowledgement

Addressed a potential issue caused by an error in the Foxit Reader plugin for Firefox (npFoxitReaderPlugin.dll), which could be exploited to trigger a memory corruption.

Foxit and Secunia

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit Reader 3.0 and JPEG2000/JBIG2 Decoder

 

Release date: June 19, 2009

Platform: Windows

Summary

Foxit has released Foxit Reader 3.0 Build 1817 and JPEG2000/JBIG2 Decoder add-on version 2.0 Build 2009.616, which address security vulnerabilities that could potentially result in invalid address access.

Affected versions

Product

Affected versions

Platform

Foxit Reader

3.0

Windows

JPEG2000/JBIG2 Decoder Add-on

2.0.2009.303

Windows

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” menu of Foxit Reader, go to “Check for Updates Now” and update to the latest version.
  • Click here to download the updated version of Foxit Reader.
  • Click here to download the updated version of JPEG2000/JBIG2 Decoder Add-on.

Vulnerability details

Brief

Acknowledgement

Addressed a potential issue related to negative stream offset (in malicious JPEG2000 stream) which caused reading data from an out-of-bound address.

CERT

Addressed a potential issue related to error handling when decoding JPEG2000 header, an uncaught fatal error resulted a subsequent invalid address access.

CERT

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit Reader 3.0 Build 1506

 

Release date: March 9 2009

Platform: Windows

Summary

Foxit has released Foxit Reader 3.0 Build 1506, which addresses stack-based buffer overflow and security authorization bypass vulnerabilities.

Affected versions

Product

Affected versions

Platform

Foxit Reader

3.0

Windows

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” menu of Foxit Reader, go to “Check for Updates Now” and update to the latest version.
  • Click here to download the updated version of Foxit Reader.

Vulnerability details

Brief

Acknowledgement

Addressed a stack-based buffer overflow vulnerability.

Foxit Security Response Team

Addressed a security authorization bypass vulnerability.

Foxit Security Response Team

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in Foxit Reader 2.3 Build 3902

 

Release date: March 9 2009

Platform: Windows

Summary

Foxit has released Foxit Reader 2.3 Build 3902, which addresses security authorization bypass vulnerability.

Affected versions

Product

Affected versions

Platform

Foxit Reader

2.3

Windows

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” menu of Foxit Reader, go to “Check for Updates Now” and update to the latest version.
  • Click here to download the updated version of Foxit Reader.

Vulnerability details

Brief

Acknowledgement

Addressed a security authorization bypass vulnerability.

Foxit Security Response Team

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Security updates available in JPEG2000/JBIG Decoder Add-on 2.0.2009.303

 

Release date: March 9, 2009

Platform: Windows

Summary

Foxit has released JPEG2000/JBIG Decoder Add-on 2.0.2009.303, which addresses JBIG2 symbol dictionary processing vulnerability.

Affected versions

Product

Affected versions

Platform

JPEG2000/JBIG Decoder Add-on

2.0.2008.715 in Foxit Reader 3.0 and Foxit Reader 2.3

Windows

Solution

Update your applications to the latest versions by following one of the instructions below.

  • From the “Help” menu of Foxit Reader, go to “Check for Updates Now” and update to the latest version.
  • Click here to download the updated version of JPEG2000/JBIG Decoder Add-on.

Vulnerability details

Brief

Acknowledgement

Addressed a JBIG2 symbol dictionary processing vulnerability.

Secunia

For more information, please contact Foxit Security Response Team at security-ml@foxitsoftware.com.  

Ask Toolbar ToolbarSettings ActiveX Control Buffer Overflow

 

The ask.com toolbar Foxit is bundling, is not the same version as reported on secunia.com, and doesn't have the reported vulnerability.

Click here to check the related report on secunia.com