ID CVE-2018-3956
Summary An exploitable out-of-bounds read vulnerability exists in the handling of certain XFA element attributes of Foxit Software's PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger an out-of-bounds read, which can disclose sensitive memory content and aid in exploitation when coupled with another vulnerability. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.
References
Vulnerable Configurations
  • Foxitsoftware PhantomPDF 9.3.0.10826
    cpe:2.3:a:foxitsoftware:phantompdf:9.3.0.10826
  • cpe:2.3:a:foxitsoftware:reader:9.3.0.10826
    cpe:2.3:a:foxitsoftware:reader:9.3.0.10826
  • Microsoft Windows
    cpe:2.3:o:microsoft:windows
CVSS
Base: 5.8
Impact:
Exploitability:
CWE CWE-125
CAPEC
  • Overread Buffers
    An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.
nessus via4
  • NASL family Windows
    NASL id FOXIT_READER_9_4.NASL
    description The version of Foxit Reader installed on the remote Windows host is prior to 9.4. It is, therefore, affected by multiple vulnerabilities: - An out-of-bounds read/write vulnerability and crash when handling XFA element attributes. (CVE-2018-3956) - A signature validation bypass vulnerability which could lead to incorrect validation results. (CVE-2018-18688, CVE-2018-18689) Additionally, the application was affected by multiple potential information disclosure, denial of service, and remote code execution vulnerabilities.
    last seen 2019-02-21
    modified 2019-01-30
    plugin id 121046
    published 2019-01-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121046
    title Foxit Reader < 9.4 Multiple Vulnerabilities
  • NASL family Windows
    NASL id FOXIT_PHANTOM_9_4.NASL
    description According to its version, the Foxit PhantomPDF application (formally known as Phantom) installed on the remote Windows host is prior to 9.4. It is, therefore, affected by multiple vulnerabilities: - An out-of-bounds read/write vulnerability and crash when handling XFA element attributes. (CVE-2018-3956) - A signature validation bypass vulnerability which could lead to incorrect validation results. (CVE-2018-18688, CVE-2018-18689) Additionally, the application was affected by multiple potential information disclosure, denial of service, and remote code execution vulnerabilities.
    last seen 2019-02-21
    modified 2019-01-30
    plugin id 121045
    published 2019-01-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121045
    title Foxit PhantomPDF < 9.4 Multiple Vulnerabilities
  • NASL family Windows
    NASL id FOXIT_PHANTOM_8_3_9.NASL
    description According to its version, the Foxit PhantomPDF application (formally known as Phantom) installed on the remote Windows host is prior to 8.3.9. It is, therefore, affected by following vulnerabilities: - An out-of-bounds read/write vulnerability exists when handling certain XFA element attributes. This occurs due to improper calculation of a null-terminated character and may cause an application crash. (CVE-2018-3956) - A signature validation bypass vulnerability exists which provides incorrect results when validating certain PDF documents. (CVE-2018-18688/CVE-2018-18689)
    last seen 2019-02-21
    modified 2019-01-18
    plugin id 121246
    published 2019-01-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121246
    title Foxit PhantomPDF < 8.3.9 Multiple Vulnerabilities
refmap via4
misc https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0626
talos via4
id TALOS-2018-0626
last seen 2019-02-02
published 2019-01-03
reporter Talos Intelligence
source http://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0626
title Foxit PDF Reader XFA xdpContent information leak vulnerability
Last major update 30-01-2019 - 17:29
Published 30-01-2019 - 17:29
Last modified 01-02-2019 - 09:28
Back to Top