Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2022-37381

Опубликовано: 29 мар. 2023
Источник: nvd
CVSS3: 7.8
CVSS3: 7.8
EPSS Низкий

Описание

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AFSpecial_KeystrokeEx method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17110.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*
Версия до 10.1.9 (исключая)
cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*
Версия от 11.0.0 (включая) до 11.2.3 (исключая)
cpe:2.3:a:foxit:pdf_editor:12.0.0.12394:*:*:*:*:*:*:*
cpe:2.3:a:foxit:pdf_reader:*:*:*:*:*:*:*:*
Версия до 12.0.1 (исключая)
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

EPSS

Процентиль: 87%
0.03533
Низкий

7.8 High

CVSS3

7.8 High

CVSS3

Дефекты

CWE-416
CWE-416

Связанные уязвимости

github логотип

GHSA-366x-2hwp-qq45

CVSS3: 7.8
github
почти 3 года назад

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AFSpecial_KeystrokeEx method. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17110.

EPSS

Процентиль: 87%
0.03533
Низкий

7.8 High

CVSS3

7.8 High

CVSS3

Дефекты

CWE-416
CWE-416