CERT-In Vulnerability Note
Multiple Vulnerabilities in Foxit Reader and Phantom PDF
Original Issue Date: December 24, 2020
Severity Rating: HIGH
- Foxit Reader versions 10.1.0.37527 and earlier
- Foxit Phantom PDF versions 10.1.0.37527 and earlier
Multiple vulnerabilities have been reported in Foxit Reader and Phantom PDF which could allow a remote attacker to trigger Out-of-Bounds Write Remote Code Execution or Type Confusion Memory Corruption, cause a denial of service condition, or execute arbitrary code on the target system.
These vulnerabilities exist due to insufficient validation of objects, incorrect processing of PDF files, lack of proper validation when an incorrect argument is passed to the app.media.openPlayer function, access to or use of a deleted pointer, and an array overflow issue. A remote attacker could exploit these vulnerabilities by sending a specially crafted malicious file to the target system.
Successful exploitation of these vulnerabilities could allow the attacker to trigger Out-of-Bounds Write Remote Code Execution or Type Confusion Memory Corruption, cause a denial of service condition, or execute arbitrary code on the target system.
Upgrade to Foxit Reader 10.1.1 and Foxit Phantom PDF 10.1.1.
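An added example, not part of the CERT-In note: a Python triage of a software inventory against the affected range stated above (10.1.0.37527 and earlier). The CSV layout, hostnames, sample versions and the product-name spellings matched are assumptions.

```python
import csv
import io

# Last affected build, taken from the advisory text.
LAST_AFFECTED = (10, 1, 0, 37527)
# Product-name spellings to match (assumed; adjust to your inventory tool).
PRODUCTS = ("foxit reader", "foxit phantom pdf", "foxit phantompdf")

# Constructed sample inventory: hostnames and versions are made up.
SAMPLE_INVENTORY = """host,product,version
ws-001,Foxit Reader,10.1.0.37527
ws-002,Foxit Reader,10.1.1.0
ws-003,Foxit PhantomPDF,9.7.0.100
ws-004,Foxit Phantom PDF,10.1.1
ws-005,Foxit Reader,unknown
ws-006,Other PDF Tool,1.0.0.0
"""


def parse_version(text):
    """Return a 4-part integer tuple, or None if not a dotted numeric version."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 4 or not all(p.isdecimal() for p in parts):
        return None
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (4 - len(nums)))  # pad "10.1.1" to (10, 1, 1, 0)


def triage(inventory_csv):
    """Map host -> 'affected', 'ok' or 'unknown' for each Foxit install."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["product"].strip().lower() not in PRODUCTS:
            continue  # not one of the products named in the advisory
        version = parse_version(row["version"])
        if version is None:
            status = "unknown"  # unparseable version: check the host manually
        elif version <= LAST_AFFECTED:
            status = "affected"  # needs the 10.1.1 upgrade
        else:
            status = "ok"
        results[row["host"]] = status
    return results


if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

Hosts reported as unknown should be treated as unpatched until their version is confirmed.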
The information provided herein is on an "as is" basis, without warranty of any kind.
Email: email@example.com Phone: +91-11-24368572
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
6, CGO Complex, Lodhi Road,
New Delhi - 110 003