cnvd - cnvd-2018-25196

cnvd-2018-25196

Vulnerability from cnvd

Title: Foxit Reader和Foxit PhantomPDF for Windows内存错误引用漏洞（CNVD-2018-25196）

Description:

Foxit Reader for Windows是中国福昕（Foxit）软件公司的一款基于Windows平台的PDF文档阅读器。Foxit PhantomPDF for Windows是它的商业版。

基于Windows平台的Foxit Reader 9.2.0.9297及之前版本和Foxit PhantomPDF 9.2.0.9297及之前版本中text字段的richValue属性的处理过程存在内存错误引用漏洞，该漏洞源于程序在对对象执行操作之前，未能验证该对象是否存在。远程攻击者可借助特制的页面或文件利用该漏洞在当前进程的上下文中执行代码。

Severity: 高

Patch Name: Foxit Reader和Foxit PhantomPDF for Windows内存错误引用漏洞（CNVD-2018-25196）的补丁

Patch Description:

Foxit Reader for Windows是中国福昕（Foxit）软件公司的一款基于Windows平台的PDF文档阅读器。Foxit PhantomPDF for Windows是它的商业版。

Formal description:

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www.foxitsoftware.com/support/security-bulletins.php

Reference: https://www.zerodayinitiative.com/advisories/ZDI-18-1219/

Impacted products

Name
['Foxit PhantomPDF <=9.2.0.9297', 'Foxit Foxit Reader for Windows <=9.2.0.9297']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-17698",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17698"
    }
  },
  "description": "Foxit Reader for Windows\u662f\u4e2d\u56fd\u798f\u6615\uff08Foxit\uff09\u8f6f\u4ef6\u516c\u53f8\u7684\u4e00\u6b3e\u57fa\u4e8eWindows\u5e73\u53f0\u7684PDF\u6587\u6863\u9605\u8bfb\u5668\u3002Foxit PhantomPDF for Windows\u662f\u5b83\u7684\u5546\u4e1a\u7248\u3002\n\n\u57fa\u4e8eWindows\u5e73\u53f0\u7684Foxit Reader 9.2.0.9297\u53ca\u4e4b\u524d\u7248\u672c\u548cFoxit PhantomPDF 9.2.0.9297\u53ca\u4e4b\u524d\u7248\u672c\u4e2dtext\u5b57\u6bb5\u7684richValue\u5c5e\u6027\u7684\u5904\u7406\u8fc7\u7a0b\u5b58\u5728\u5185\u5b58\u9519\u8bef\u5f15\u7528\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u5728\u5bf9\u5bf9\u8c61\u6267\u884c\u64cd\u4f5c\u4e4b\u524d\uff0c\u672a\u80fd\u9a8c\u8bc1\u8be5\u5bf9\u8c61\u662f\u5426\u5b58\u5728\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u9875\u9762\u6216\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u5f53\u524d\u8fdb\u7a0b\u7684\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4ee3\u7801\u3002",
  "discovererName": "Anonymous",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.foxitsoftware.com/support/security-bulletins.php",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-25196",
  "openTime": "2018-12-13",
  "patchDescription": "Foxit Reader for Windows\u662f\u4e2d\u56fd\u798f\u6615\uff08Foxit\uff09\u8f6f\u4ef6\u516c\u53f8\u7684\u4e00\u6b3e\u57fa\u4e8eWindows\u5e73\u53f0\u7684PDF\u6587\u6863\u9605\u8bfb\u5668\u3002Foxit PhantomPDF for Windows\u662f\u5b83\u7684\u5546\u4e1a\u7248\u3002\r\n\r\n\u57fa\u4e8eWindows\u5e73\u53f0\u7684Foxit Reader 9.2.0.9297\u53ca\u4e4b\u524d\u7248\u672c\u548cFoxit PhantomPDF 9.2.0.9297\u53ca\u4e4b\u524d\u7248\u672c\u4e2dtext\u5b57\u6bb5\u7684richValue\u5c5e\u6027\u7684\u5904\u7406\u8fc7\u7a0b\u5b58\u5728\u5185\u5b58\u9519\u8bef\u5f15\u7528\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u5728\u5bf9\u5bf9\u8c61\u6267\u884c\u64cd\u4f5c\u4e4b\u524d\uff0c\u672a\u80fd\u9a8c\u8bc1\u8be5\u5bf9\u8c61\u662f\u5426\u5b58\u5728\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u9875\u9762\u6216\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u5f53\u524d\u8fdb\u7a0b\u7684\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Foxit Reader\u548cFoxit PhantomPDF for Windows\u5185\u5b58\u9519\u8bef\u5f15\u7528\u6f0f\u6d1e\uff08CNVD-2018-25196\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Foxit PhantomPDF \u003c=9.2.0.9297",
      "Foxit Foxit Reader for Windows \u003c=9.2.0.9297"
    ]
  },
  "referenceLink": "https://www.zerodayinitiative.com/advisories/ZDI-18-1219/",
  "serverity": "\u9ad8",
  "submitTime": "2018-10-17",
  "title": "Foxit Reader\u548cFoxit PhantomPDF for Windows\u5185\u5b58\u9519\u8bef\u5f15\u7528\u6f0f\u6d1e\uff08CNVD-2018-25196\uff09"
}

CVE-2018-17698 (GCVE-0-2018-17698)

Vulnerability from cvelistv5

Published

2019-01-24 04:00

Modified

2024-08-05 10:54

Severity ?

CWE

CWE-416 - Use After Free

Summary

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the richValue property of a text field. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7067.

References

▼	URL	Tags
	https://www.foxitsoftware.com/support/security-bulletins.php	x_refsource_CONFIRM
	https://www.zerodayinitiative.com/advisories/ZDI-18-1219/	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Foxit	PhantomPDF	Version: 9.2.0.9297

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T10:54:10.755Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.foxitsoftware.com/support/security-bulletins.php"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1219/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "PhantomPDF",
          "vendor": "Foxit",
          "versions": [
            {
              "status": "affected",
              "version": "9.2.0.9297"
            }
          ]
        }
      ],
      "datePublic": "2019-01-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the richValue property of a text field. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7067."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416: Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-01-24T03:57:01",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.foxitsoftware.com/support/security-bulletins.php"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1219/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "zdi-disclosures@trendmicro.com",
          "ID": "CVE-2018-17698",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "PhantomPDF",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "9.2.0.9297"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Foxit"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the richValue property of a text field. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7067."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-416: Use After Free"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.foxitsoftware.com/support/security-bulletins.php",
              "refsource": "CONFIRM",
              "url": "https://www.foxitsoftware.com/support/security-bulletins.php"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-1219/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1219/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2018-17698",
    "datePublished": "2019-01-24T04:00:00",
    "dateReserved": "2018-09-28T00:00:00",
    "dateUpdated": "2024-08-05T10:54:10.755Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted