CVE-2018-9957:This is a vulnerability in Foxit Reader 9.0.1.1049 that allows remote attackers to execute arbitrary code on vulnerable installations. The flaw exists within the handling of XFA Button elements.

splash
Back

Description Preview

The vulnerability, identified as CVE-2018-9957, allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability, meaning the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA Button elements. When parsing arguments passed to the resetData method, the process does not properly validate the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process.

Overview

This vulnerability is a Use After Free issue (CWE-416) that affects Foxit Reader 9.0.1.1049. The problem arises from improper validation of the existence of an object before performing operations on it. This flaw can be exploited by an attacker to execute arbitrary code under the context of the current process. The vulnerability was made public on 20th April 2018 and updated on 17th May 2018.

Remediation

Users of Foxit Reader 9.0.1.1049 are advised to update to the latest version of the software. Foxit has likely provided a patch to address this vulnerability in their security bulletins. Always be cautious when visiting web pages or opening files from untrusted sources.

References

  1. Zero Day Initiative Advisory: ZDI-18-341
  2. Foxit Security Bulletins: Foxit Security Bulletins

Industry ExposureMost to least
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

  1. Manufacturing
    Manufacturing
  2. Health Care & Social Assistance
    Health Care & Social Assistance
  3. Public Administration
    Public Administration
  4. Educational Services
    Educational Services
  5. Retail Trade
    Retail Trade
  6. Transportation & Warehousing
    Transportation & Warehousing
  7. Utilities
    Utilities
  8. Arts, Entertainment & Recreation
    Arts, Entertainment & Recreation
  9. Management of Companies & Enterprises
    Management of Companies & Enterprises
  10. Finance and Insurance
    Finance and Insurance
  11. Other Services (except Public Administration)
    Other Services (except Public Administration)
  12. Professional, Scientific, & Technical Services
    Professional, Scientific, & Technical Services
  13. Agriculture, Forestry Fishing & Hunting
    Agriculture, Forestry Fishing & Hunting
  14. Construction
    Construction
  15. Information
    Information
  16. Wholesale Trade
    Wholesale Trade
  17. Accommodation & Food Services
    Accommodation & Food Services
  18. Administrative, Support, Waste Management & Remediation Services
    Administrative, Support, Waste Management & Remediation Services
  19. Mining
    Mining
  20. Real Estate Rental & Leasing
    Real Estate Rental & Leasing

Focus on What Matters

  1. See Everything.
  2. Identify True Risk.
  3. Proactively Mitigate Threats.

Let's talk!

background