Vulnerabilities > CVE-2016-6168 - Use After Free vulnerability in Foxitsoftware Foxit Reader

047910
CVSS 7.8 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
low complexity
foxitsoftware
CWE-416
nessus
NVD
Published: 2018-02-07
Updated: 2018-02-24

Summary

Use-after-free vulnerability in Foxit Reader and PhantomPDF 7.3.4.311 and earlier on Windows allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a crafted PDF file.

Vulnerable Configurations

Part Description Count
Application
Foxitsoftware
147

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyWindows
    NASL idFOXIT_PHANTOM_7_3_9.NASL
    descriptionAccording to its version, the Foxit PhantomPDF application (formally known as Phantom) installed on the remote Windows host is prior to 7.3.9. It is, therefore, affected by multiple vulnerabilities.
    last seen2020-04-30
    modified2018-11-28
    plugin id119259
    published2018-11-28
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119259
    titleFoxit PhantomPDF < 7.3.9 Multiple Vulnerabilities
  • NASL familyWindows
    NASL idFOXIT_PHANTOM_8_1_1.NASL
    descriptionAccording to its version, the Foxit PhantomPDF application (formally known as Phantom) installed on the remote Windows host is prior to 8.1.1. It is, therefore, affected by multiple vulnerabilities.
    last seen2020-04-30
    modified2018-11-28
    plugin id119263
    published2018-11-28
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119263
    titleFoxit PhantomPDF < 8.1.1 Multiple Vulnerabilities
  • NASL familyWindows
    NASL idFOXIT_PHANTOM_8_0.NASL
    descriptionAccording to its version, the Foxit PhantomPDF application (formally known as Phantom) installed on the remote Windows host is prior to 8.0. It is, therefore, affected by multiple vulnerabilities.
    last seen2020-04-30
    modified2018-11-28
    plugin id119260
    published2018-11-28
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119260
    titleFoxit PhantomPDF < 8.0 Multiple Vulnerabilities

References