CVE-2021-31472
07.05.2021, 21:15
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13011.Enginsight
Vendor | Product | Version |
---|---|---|
foxitsoftware | 3d | 𝑥 ≤ 9.7.4.29600 |
foxitsoftware | 3d | 𝑥 ≤ 9.7.4.29600 |
foxitsoftware | 3d | 10.0 ≤ 𝑥 ≤ 10.0.1.37598 |
foxitsoftware | 3d | 10.0 ≤ 𝑥 ≤ 10.0.1.37598 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-787 - Out-of-bounds WriteThe software writes data past the end, or before the beginning, of the intended buffer.
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory BufferThe software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.