Severity Rating: HIGH
Software Affected
Foxit Reader versions 10.1.0.37527 and earlier
Foxit Phantom PDF versions 10.1.0.37527 and earlier
Overview
Multiple vulnerabilities have been reported in Foxit Reader and Phantom PDF
which could allow a remote attacker to cause Out-of-Bounds Write Remote
Code Execution, Type Confusion Memory Corruption or a denial of service
condition, or to execute arbitrary code on the target system.
Description
These vulnerabilities exist due to insufficient validation of objects,
incorrect processing of PDF files, lack of proper validation when an
incorrect argument is passed to the app.media.openPlayer function, access
to or use of a deleted pointer, and an array overflow issue. A remote
attacker could exploit these vulnerabilities by sending a specially crafted
malicious file to the target system.
Successful exploitation of these vulnerabilities could allow the attacker
to cause Out-of-Bounds Write Remote Code Execution, Type Confusion Memory
Corruption or a denial of service condition, or to execute arbitrary code
on the target system.
Solution
Upgrade to Foxit Reader 10.1.1 and Foxit Phantom PDF 10.1.1.
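A version check for triaging a software inventory against the affected and fixed versions listed above. This is an added example, not part of the original advisory; the inventory records, the product-name matching and the function names are constructed for illustration.

```python
import re

# From the advisory: versions 10.1.0.37527 and earlier are affected,
# and 10.1.1 is the fixed release.
LAST_AFFECTED = (10, 1, 0, 37527)
FIRST_FIXED = (10, 1, 1, 0)
# Assumption: inventory names contain "Foxit Reader" or "Foxit Phantom PDF"/"PhantomPDF".
PRODUCTS = re.compile(r"foxit\s*(reader|phantom\s*pdf)", re.IGNORECASE)

def parse_version(text):
    """Return a 4-part numeric tuple, or None if the string is not dotted digits."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){0,3}", text):
        return None
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))  # "10.1" -> (10, 1, 0, 0)

def triage(name, version):
    """Classify one inventory record: 'affected', 'fixed', 'unknown' or 'n/a'."""
    if not PRODUCTS.search(name):
        return "n/a"
    parsed = parse_version(version)
    if parsed is None:
        return "unknown"   # unparseable version: review by hand, do not assume safe
    if parsed <= LAST_AFFECTED:
        return "affected"
    if parsed >= FIRST_FIXED:
        return "fixed"
    return "unknown"       # build between the two versions the advisory names

# Constructed sample inventory: (product name, installed version).
SAMPLE_INVENTORY = [
    ("Foxit Reader", "10.1.0.37527"),
    ("Foxit PhantomPDF", "9.7.0.1"),
    ("Foxit Reader", "10.1.1"),
    ("Foxit Phantom PDF", "10.1"),
    ("Foxit Reader", "not reported"),
    ("7-Zip", "19.00"),
]

def report(inventory):
    """Return (name, version, status) for every record in the inventory."""
    return [(name, version, triage(name, version)) for name, version in inventory]

if __name__ == "__main__":
    for name, version, status in report(SAMPLE_INVENTORY):
        print(f"{status:9} {name} {version}")
```

Records that come back as "unknown" need a manual look rather than being treated as patched.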
Vendor Information
Foxit Software
References
Foxit Software
CyberSecurityHelp
CVE Name
CVE-2020-27860
CVE-2020-13547
CVE-2020-13548
CVE-2020-13557
CVE-2020-13560
CVE-2020-13570
CVE-2020-28203
About Cert Advisory
We have created this blog to provide the latest security advisories from the India CERT on security vulnerabilities, threats, attacks and the patching required to mitigate cyber attacks.