Lucene search

[email protected]CVE-2021-34966

HistoryMay 07, 2024 - 11:15 p.m.

CVE-2021-34966

2024-05-0723:15:00

[email protected]

web.nvd.nist.gov

cve-2021-34966

fileattachment annotation

use-after-free

remote code execution

vulnerability

foxit pdf editor

user interaction

malicious file

mischievous page

annotation objects

validation flaw

zdi-can-14367

nvd

7.8 High

CVSS3

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.3%

JSON

Foxit PDF Editor FileAttachment Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14367.

References

www.foxit.com/support/security-bulletins.html

www.zerodayinitiative.com/advisories/ZDI-21-1197/

7.8 High

CVSS3

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.3%

JSON

Related for CVE-2021-34966

zdi1 cvelist1 nessus3