Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2018-9958

EPSS 86.46% · P99
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2018-9958

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Text Annotations. When setting the point attribute, the process does not properly validate the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5620.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
释放后使用
Source: NVD (National Vulnerability Database)
Vulnerability Title
Foxit Reader 资源管理错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Foxit Reader是中国福昕(Foxit)公司的一款PDF文档阅读器。 Foxit Reader 9.0.1.1049版本中Text Annotations的处理存在资源管理错误漏洞,该漏洞源于程序在对对象执行操作之前,没有验证该对象是否存在。远程攻击者可借助恶意的页面或文件利用该漏洞在当前进程的上下文中执行任意代码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

VendorProductAffected VersionsCPESubscribe
FoxitFoxit Reader 9.0.1.1049 -

II. Public POCs for CVE-2018-9958

#POC DescriptionSource LinkShenlong Link
1This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Text Annotations. When setting the point attribute, the process does not properly validate the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process.https://github.com/t3rabyt3-zz/CVE-2018-9958--ExploitPOC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2018-9958

登录查看更多情报信息。

Same Patch Batch · Foxit · 2018-05-17 · 80 CVEs total

CVE-2018-9948Foxit Reader 安全漏洞
CVE-2018-9949Foxit Reader 缓冲区错误漏洞
CVE-2018-9964Foxit Reader 安全漏洞
CVE-2018-9951Foxit Reader 安全漏洞
CVE-2018-9952Foxit Reader 安全漏洞
CVE-2018-9950Foxit Reader 缓冲区错误漏洞
CVE-2018-9947Foxit Reader 安全漏洞
CVE-2018-9946Foxit Reader 信息泄露漏洞
CVE-2018-9945Foxit Reader 安全漏洞
CVE-2018-9944Foxit Reader 安全漏洞
CVE-2018-9953Foxit Reader 安全漏洞
CVE-2018-9954Foxit Reader 安全漏洞
CVE-2018-9955Foxit Reader 安全漏洞
CVE-2018-9956Foxit Reader 安全漏洞
CVE-2018-9957Foxit Reader 安全漏洞
CVE-2018-9959Foxit Reader 安全漏洞
CVE-2018-9960Foxit Reader 安全漏洞
CVE-2018-9961Foxit Reader 安全漏洞
CVE-2018-9962Foxit Reader 安全漏洞
CVE-2018-9963Foxit Reader 缓冲区错误漏洞

Showing top 20 of 80 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: Foxit Reader
Same vendor: Foxit
Same weakness: CWE-416

V. Comments for CVE-2018-9958

No comments yet

Leave a comment