CVE-2022-22150

A memory corruption vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 11.1.0.52543. A specially-crafted PDF document can trigger an exception which is improperly handled, leaving the engine in an invalid state, which can lead to memory corruption and arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled.

CVSS v3 8.8 HIGH
CVSS v2.0 6.8 MEDIUM

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1439	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:foxit:pdf_reader:11.1.0.52543:*:*:*:*:*:*:*

History

16 Jun 2022, 15:38

Type	Values Removed	Values Added
CWE	~~CWE-787~~	CWE-755

10 Feb 2022, 06:53

Type	Values Removed	Values Added
First Time		Foxit Foxit pdf Reader
CPE		cpe:2.3:a:foxit:pdf_reader:11.1.0.52543:::::::*
CWE		CWE-787
References	~~(MISC) https://talosintelligence.com/vulnerability_reports/TALOS-2022-1439 -~~	(MISC) https://talosintelligence.com/vulnerability_reports/TALOS-2022-1439 - Exploit, Third Party Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 6.8 v3 : 8.8

04 Feb 2022, 23:28

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-02-04 23:15

Updated : 2023-12-10 14:09

NVD link : CVE-2022-22150

Mitre link : CVE-2022-22150

CVE.ORG link : CVE-2022-22150

JSON object : View

Products Affected

foxit

pdf_reader

CWE

CWE-755

Improper Handling of Exceptional Conditions

CWE-460

Improper Cleanup on Thrown Exception

{"id": "CVE-2022-22150", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Secondary", "source": "talos-cna@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2022-02-04T23:15:12.980", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1439", "tags": ["Exploit", "Third Party Advisory"], "source": "talos-cna@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-755"}]}, {"type": "Secondary", "source": "talos-cna@cisco.com", "description": [{"lang": "en", "value": "CWE-460"}]}], "descriptions": [{"lang": "en", "value": "A memory corruption vulnerability exists in the JavaScript engine of Foxit Software\u2019s PDF Reader, version 11.1.0.52543. A specially-crafted PDF document can trigger an exception which is improperly handled, leaving the engine in an invalid state, which can lead to memory corruption and arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de corrupci\u00f3n de memoria en el motor JavaScript de Foxit Software\"s PDF Reader, versi\u00f3n 11.1.0.52543. Un documento PDF especialmente dise\u00f1ado puede desencadenar una excepci\u00f3n que es manejada inapropiadamente, dejando el motor en un estado no v\u00e1lido, lo que puede conllevar a una corrupci\u00f3n de la memoria y una ejecuci\u00f3n de c\u00f3digo arbitrario. Un atacante necesita enga\u00f1ar al usuario para que abra el archivo malicioso para desencadenar esta vulnerabilidad. La explotaci\u00f3n tambi\u00e9n es posible si un usuario visita un sitio malicioso especialmente dise\u00f1ado si la extensi\u00f3n del plugin del navegador est\u00e1 habilitada"}], "lastModified": "2022-06-16T15:38:51.390", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:foxit:pdf_reader:11.1.0.52543:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9D77CE8A-CB75-41CC-A305-4377C1DF89D8"}], "operator": "OR"}]}], "sourceIdentifier": "talos-cna@cisco.com"}