This script is Copyright (C) 2017 Tenable Network Security, Inc.
A PDF toolkit installed on the remote Windows host is affected by
According to its version, the Foxit PhantomPDF application (formally
known as Phantom) installed on the remote Windows host is prior to
7.3.15. It is, therefore, affected by multiple vulnerabilities :
- An unspecified NULL pointer dereference flaw allows an
unauthenticated, remote attacker to cause a crash. (VulnDB 161627)
- An unspecified flaw related to use of uninitialized memory allows
an unauthenticated, remote attacker to cause a crash.
- An unspecified flaw in the Trust Manager causes the setting to
functions. (VulnDB 161629)
- An unspecified use-after-free error exists that allows an
unauthenticated, remote attacker to dereference already freed
memory, resulting in a denial of service or the execution of
arbitrary code. (VulnDB 161630)
- An unspecified out-of-bounds read flaw allows an unauthenticated,
remote attacker to disclose potentially sensitive information.
- An unspecified out-of-bounds write flaw allows an unauthenticated,
remote attacker to execute arbitrary code. (VULNDB 161631)
See also :
Upgrade to Foxit PhantomPDF version 7.3.15 or later.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 6.9
Public Exploit Available : false
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now