Multiple vulnerabilities reported in the Foxit PDF reader allows an attacker to execute the arbitrary code on the user’s system and obtain sensitive information. The vulnerability affects all the versions of Foxit Reader and Foxit PhantomPDF.
Foxit is the most popular free software for creating, editing and viewing PDF documents. Security researchers from Cisco Talos, Threat Response, Trend Micro’s Zero Day Initiative Foxit PDF Reader vulnerabilities.
CVE-2018-3843 – Type confusion vulnerability in the way Foxit reader handles the files with associated extensions.
CVE-2018-3850 – the use-after-free vulnerability that resulting in sensitive memory disclosure or, potentially, arbitrary code execution.
Assaf Baharav of Threat Response Research Team Addressed a potential issue where the application could be exposed to Remote Code Execution by abusing GoToE & GoToR Actions.
Ye Yint Min Thu htut Addressed a potential issue where the application could be exposed to Unsafe DLL Loading vulnerability that could be exploited by attackers to execute remote code.