Home / os / bsd

Foxit PDF Reader 9.0.1.1049 Pointer Overwrite Use-After-Free

Posted on 24 August 2018

Foxit PDF Reader version 9.0.1.1049 has a use-after-free vulnerability in the Text Annotations component and the TypedArray's use uninitialized pointers. The vulnerabilities can be combined to leak a vtable memory address, which can be adjusted to point to the base address of the executable. A ROP chain can be constructed that will execute when Foxit Reader performs the UAF.

 

TOP

Malware :

Exploits :