N/A

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Javascript in the HTML2PDF plugin. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8692.

N/A

跨界内存写

Foxit PhantomPDF HTML2PDF插件缓冲区错误漏洞

Foxit PhantomPDF是中国福昕（Foxit）公司的一款PDF文档阅读器。HTML2PDF是其中的一个HTML到PDF格式转换器。 Foxit PhantomPDF中的HTML2PDF插件存在缓冲区错误漏洞，该漏洞源于程序没有正确验证用户提交的数据。攻击者可借助恶意的文件或页面利用该漏洞在当前进程的上下文中执行代码。

N/A

N/A