Foxit PhantomPDF < 8.3.1 Multiple Vulnerabilities

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

A PDF toolkit installed on the remote Windows host is affected by
multiple vulnerabilities.

Description :

According to its version, the Foxit PhantomPDF application (formerly
known as Phantom) installed on the remote Windows host is prior to
8.3.1. It is, therefore, affected by multiple vulnerabilities :

- A use-after-free error exists in the AFParseDateEx()
function. An unauthenticated, remote attacker can
exploit this, by convincing a user to open a specially
crafted PDF document, to dereference already freed
memory and execute arbitrary code. (CVE-2017-10941)

- Multiple out-of-bounds read errors exist that are
triggered when handling specially crafted PDF files. An
unauthenticated, remote attacker can exploit these to
disclose sensitive information. (CVE-2017-10942,
CVE-2017-10943)

- An out-of-bounds read error exists due to improper
parsing of ObjStm objects. An unauthenticated, remote
attacker can exploit this to disclose sensitive
information. (CVE-2017-10944)

- A use-after-free error exists in the app.alert()
function. An unauthenticated, remote attacker can
exploit this, by convincing a user to open a specially
crafted PDF document, to dereference already freed
memory and execute arbitrary code. (CVE-2017-10945)

- A use-after-free error exists in the setItem() function.
An unauthenticated, remote attacker can exploit this, by
convincing a user to open a specially crafted PDF
document, to dereference already freed memory and
execute arbitrary code. (CVE-2017-10946)

- A use-after-free error exists in the print() function.
An unauthenticated, remote attacker can exploit this, by
convincing a user to open a specially crafted PDF
document, to dereference already freed memory and
execute arbitrary code. (CVE-2017-10947)

- A use-after-free error exists in the app.execMenuItem()
function. An unauthenticated, remote attacker can
exploit this, by convincing a user to open a specially
crafted PDF document, to dereference already freed
memory and execute arbitrary code. (CVE-2017-10948)

- An unspecified arbitrary write flaw exists. An
unauthenticated, remote attacker can exploit this, by
convincing a user to open a specially crafted PDF
document, to execute arbitrary code. (CVE-2017-10994)

- A NULL pointer dereference flaw exists that allows an
unauthenticated, remote attacker to cause the
application to crash, resulting in a denial of service
condition. (VulnDB 160258)

- A security bypass vulnerability exists in the Trust
Manager due to a failure to honor the restriction of
JavaScript actions. An unauthenticated, remote attacker
can exploit this, by convincing a user to open a
specially crafted PDF document, to execute arbitrary
JavaScript functions. (VulnDB 160259)

- An unspecified flaw exists that is triggered by the use
of uninitialized data. An unauthenticated, remote
attacker can exploit this to cause a denial of service
condition. (VulnDB 160263)

See also :

https://www.foxitsoftware.com/support/security-bulletins.php

Solution :

Upgrade to Foxit PhantomPDF version 8.3.1 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false
