Foxit PDF SDK ActiveX < 5.5.1 Multiple Vulnerabilities

high Nessus Plugin ID 125924

Synopsis

A PDF toolkit installed on the remote Windows host is affected by multiple vulnerabilities.

Description

According to its version, the Foxit PDF SDK ActiveX application installed on the remote Windows host is prior to 5.5.1. It is, therefore, affected by multiple vulnerabilities:

- A remote code execution vulnerability exists due to a lack of security permission control which could allow LaunchURL actions and links to execute programs without a user's consent. An unauthenticated, remote attacker can exploit this by convincing a user to open a specially crafted file, to execute arbitrary code.
(CVE-2018-19418, CVE-2018-19445, CVE-2018-19450, CVE-2018-19451)

- A remote code execution vulnerability exists due to a lack of security permission control which could allow javascript and exportasFDF to write arbitrary files without a user's consent. An unauthenticated, remote attacker can exploit this by convincing a user to open a specially crafted file, to execute arbitrary code.
(CVE-2018-19446, CVE-2018-19449)

- A remote code execution vulnerability exists due to a stack buffer overflow in string1 URI parsing. An unauthenticated, remote attacker can exploit this by convincing a user to open a specially crafted file, to execute arbitrary code. (CVE-2018-19447)

- A remote code execution vulnerability exists due to a use-after-free occurring when a javascript command is triggered by a mouse enter action or focus loss. An unauthenticated, remote attacker can exploit this by convincing a user to open a specially crafted file, to execute arbitrary code. (CVE-2018-19452, CVE-2018-19444)

- A remote code execution vulnerability exists due to an uninitialized object reference as a result of a timer not ending when a form loses focus. An unauthenticated, remote attacker can exploit this by convincing a user to open a specially crafted file, to execute arbitrary code. (CVE-2018-19448)

Solution

Upgrade to Foxit PDF SDK ActiveX version 5.5.1 or later.

See Also

https://www.foxitsoftware.com/support/security-bulletins.php

Plugin Details

Severity: High

ID: 125924

File Name: foxit_pdf_activex_5_5_1.nasl

Version: 1.6

Type: local

Agent: windows

Family: Windows

Published: 6/14/2019

Updated: 5/16/2024

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2018-19418

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7.5

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

CVSS Score Source: CVE-2018-19452

Vulnerability Information

CPE: cpe:/a:foxitsoftware:foxit_pdf_sdk_activex

Required KB Items: installed_sw/Foxit PDF SDK ActiveX

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/8/2019

Vulnerability Publication Date: 1/8/2019

Reference Information

CVE: CVE-2018-19418, CVE-2018-19444, CVE-2018-19445, CVE-2018-19446, CVE-2018-19447, CVE-2018-19448, CVE-2018-19449, CVE-2018-19450, CVE-2018-19451, CVE-2018-19452

BID: 108692