CVE-2009-0836: Improper Restriction of Operations within the Bounds of a Memory Buffer in Reader

Severity
10.0 CRITICAL (NVD)
EPSS
10.8%
top 6.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Mar 10
Latest update: May 2

Description

Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506, including 1120 and 1301, does not require user confirmation before performing dangerous actions defined in a PDF file, which allows remote attackers to execute arbitrary programs and have unspecified other impact via a crafted file, as demonstrated by the "Open/Execute a file" action.

CVSS vector

AV:N/AC:L/C:C/I:C/A:C
Exploitability: 10.0 | Impact: 10.0

Affected Packages (1 package)

NVD: foxitsoftware/reader 2.3, 3.0 +1

Patches

Vulnerability Details (2)

GHSA
GHSA-xp5q-j3fq-3qw3: Foxit Reader 2 (2022-05-02)
CVEList
CVE-2009-0836: Foxit Reader 2 (2009-03-10)