CVE-2018-5675 - OpenCVE

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of specially crafted pdf files with embedded u3d images. Crafted data in the PDF file can trigger an out-of-bounds write on a buffer. An attacker can leverage this vulnerability to execute code under the context of the current process.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Foxitsoftware	Phantompdf Reader

Configuration 1 [-]

OR	cpe:2.3:a:foxitsoftware:phantompdf::::::::
	cpe:2.3:a:foxitsoftware:reader::::::::

References

Link	Resource
http://www.securityfocus.com/bid/104300	Third Party Advisory VDB Entry
https://srcincite.io/advisories/src-2018-0013/	Third Party Advisory
https://www.foxitsoftware.com/support/security-bulletins.php	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2018-05-24T21:00:00

Updated: 2018-05-30T09:57:01

Reserved: 2018-01-12T00:00:00

Link: CVE-2018-5675

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-05-24T21:29:00.463

Modified: 2018-06-08T17:12:00.880

Link: CVE-2018-5675

JSON object: View

Redhat Information

No data.

CWE

CWE-787

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-04-27T00:00:00", "descriptions": [{"lang": "en", "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of specially crafted pdf files with embedded u3d images. Crafted data in the PDF file can trigger an out-of-bounds write on a buffer. An attacker can leverage this vulnerability to execute code under the context of the current process."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-05-30T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.foxitsoftware.com/support/security-bulletins.php"}, {"name": "104300", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/104300"}, {"tags": ["x_refsource_MISC"], "url": "https://srcincite.io/advisories/src-2018-0013/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-5675", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of specially crafted pdf files with embedded u3d images. Crafted data in the PDF file can trigger an out-of-bounds write on a buffer. An attacker can leverage this vulnerability to execute code under the context of the current process."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.foxitsoftware.com/support/security-bulletins.php", "refsource": "CONFIRM", "url": "https://www.foxitsoftware.com/support/security-bulletins.php"}, {"name": "104300", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104300"}, {"name": "https://srcincite.io/advisories/src-2018-0013/", "refsource": "MISC", "url": "https://srcincite.io/advisories/src-2018-0013/"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-5675", "datePublished": "2018-05-24T21:00:00", "dateReserved": "2018-01-12T00:00:00", "dateUpdated": "2018-05-30T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:foxitsoftware:phantompdf:*:*:*:*:*:*:*:*", "matchCriteriaId": "38BDD119-28A6-4DBE-83D8-05F7254AF603", "versionEndIncluding": "9.0.1.1049", "vulnerable": true}, {"criteria": "cpe:2.3:a:foxitsoftware:reader:*:*:*:*:*:*:*:*", "matchCriteriaId": "5E5B83EA-C11B-41C3-9FC8-6281C1614801", "versionEndIncluding": "9.0.1.1049", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of specially crafted pdf files with embedded u3d images. Crafted data in the PDF file can trigger an out-of-bounds write on a buffer. An attacker can leverage this vulnerability to execute code under the context of the current process."}, {"lang": "es", "value": "Esta vulnerabilidad permite que los atacantes remotos ejecuten c\u00f3digo arbitrario en instalaciones vulnerables de Foxit Reader en versiones anteriores a la 9.1 y PhantomPDF en versiones anteriores a la 9.1. Se requiere de interacci\u00f3n del usuario para explotar esta vulnerabilidad en la que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. El error espec\u00edfico existe en el procesamiento de archivos PDF especialmente manipulados con im\u00e1genes u3d embebidas. Los datos manipulados en el archivo PDF pueden desencadenar una escritura fuera de l\u00edmites en un b\u00fafer. Un atacante podr\u00eda aprovecharse de esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del actual proceso."}], "id": "CVE-2018-5675", "lastModified": "2018-06-08T17:12:00.880", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-05-24T21:29:00.463", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/104300"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://srcincite.io/advisories/src-2018-0013/"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.foxitsoftware.com/support/security-bulletins.php"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}