CVE-2018-9958
CVE-2018-9958
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Text Annotations. When setting the point attribute, the process does not properly validate the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5620.
Produtos afetados
Foxit · Foxit ReaderPoCs públicas encontradas — 7
githubgithub.com/t3rabyt3-zz/CVE-2018-9958--Exploit★ 1exploitdbwww.exploit-db.com/exploits/49116não verificadoexploitdbwww.exploit-db.com/exploits/44941não verificadoexploitdbwww.exploit-db.com/exploits/45269não verificadocve_referencewww.exploit-db.com/exploits/44941/não verificadocve_referencewww.exploit-db.com/exploits/45269/não verificadocve_referencepacketstormsecurity.com/files/160240/Foxit-Reader-9.0.1.1049-Arbitrary-Code-Execution.htmlnão verificado⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.
Quer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
http://packetstormsecurity.com/files/160240/Foxit-Reader-9.0.1.1049-Arbitrary-Code-Execution.htmlhttps://www.exploit-db.com/exploits/44941/https://www.exploit-db.com/exploits/45269/https://www.foxitsoftware.com/support/security-bulletins.phphttps://zerodayinitiative.com/advisories/ZDI-18-342