CVE-2018-9981

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5431.

CVSS v3 8.8 HIGH
CVSS v2.0 6.8 MEDIUM

8.8^/10

CVSS v3 : HIGH

Vector : AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://www.foxitsoftware.com/support/security-bulletins.php	Patch Vendor Advisory
https://zerodayinitiative.com/advisories/ZDI-18-379	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:foxitsoftware:foxit_reader::::::::
	cpe:2.3:a:foxitsoftware:phantompdf::::::::

History

No history.

Information

Published : 2018-05-17 15:29

Updated : 2023-12-10 12:30

NVD link : CVE-2018-9981

Mitre link : CVE-2018-9981

CVE.ORG link : CVE-2018-9981

JSON object : View

Products Affected

foxitsoftware

foxit_reader
phantompdf

CWE

CWE-824

Access of Uninitialized Pointer

{"id": "CVE-2018-9981", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2018-05-17T15:29:04.177", "references": [{"url": "https://www.foxitsoftware.com/support/security-bulletins.php", "tags": ["Patch", "Vendor Advisory"], "source": "zdi-disclosures@trendmicro.com"}, {"url": "https://zerodayinitiative.com/advisories/ZDI-18-379", "tags": ["Third Party Advisory", "VDB Entry"], "source": "zdi-disclosures@trendmicro.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-824"}]}, {"type": "Secondary", "source": "zdi-disclosures@trendmicro.com", "description": [{"lang": "en", "value": "CWE-824"}]}], "descriptions": [{"lang": "en", "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5431."}, {"lang": "es", "value": "Esta vulnerabilidad permite que los atacantes remotos ejecuten c\u00f3digo arbitrario en instalaciones vulnerables de Foxit Reader 9.0.0.29935. Se requiere de interacci\u00f3n del usuario para explotar esta vulnerabilidad en la que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. Este error en concreto existe en el an\u00e1lisis de im\u00e1genes U3D. El problema resulta de la falta de inicializaci\u00f3n adecuada de un puntero antes de acceder a el. Un atacante podr\u00eda aprovecharse de esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del actual proceso. Anteriormente era ZDI-CAN-5431."}], "lastModified": "2019-10-09T23:43:26.913", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:foxitsoftware:foxit_reader:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E7A58B63-E44D-4EDE-BE3D-D2F1502224C2", "versionEndIncluding": "9.0.1.1049"}, {"criteria": "cpe:2.3:a:foxitsoftware:phantompdf:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "38BDD119-28A6-4DBE-83D8-05F7254AF603", "versionEndIncluding": "9.0.1.1049"}], "operator": "OR"}]}], "sourceIdentifier": "zdi-disclosures@trendmicro.com"}