N/A

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the formNodes method of XFA Node objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5018.

N/A

使用不兼容类型访问资源(类型混淆)

Foxit Reader 代码问题漏洞

Foxit Reader是中国福昕（Foxit）公司的一款PDF文档阅读器。 Foxit Reader 8.3.1.21155版本中的XFA Node对象的formNodes方法存在代码问题漏洞，该漏洞源于程序没有正确验证用户提交的数据。远程攻击者可借助恶意的页面或文件利用该漏洞在当前进程的上下文中执行任意代码（类型混淆）。

N/A

N/A