N/A

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the exportValues property of a radio button. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7068.

N/A

释放后使用

Foxit Reader和Foxit PhantomPDF for Windows 安全漏洞

Foxit Reader for Windows是中国福昕（Foxit）软件公司的一款基于Windows平台的PDF文档阅读器。Foxit PhantomPDF for Windows是它的商业版。 基于Windows平台的Foxit Reader 9.2.0.9297及之前版本和Foxit PhantomPDF 9.2.0.9297及之前版本中radio button的exportValues属性的处理过程存在释放后重用漏洞，该漏洞源于在对对象执行操作之前，程序未能验证该对象是否存在。远程攻击者可借助恶

N/A

N/A