CVE-2020-13557— Foxit Reader 资源管理错误漏洞

N/A

A use after free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.

N/A

释放后使用

Foxit Reader 资源管理错误漏洞

Foxit Reader是中国福昕（Foxit）公司的一款PDF文档阅读器。 Foxit PDF Reader版本10.1.0.37527 存在安全漏洞，该漏洞源于JavaScript引擎存在免费漏洞。一个特别制作的PDF文档可以触发以前空闲内存的重用，这可能导致任意代码的执行。攻击者可利用该漏洞需要欺骗用户打开恶意文件来触发此漏洞。如果浏览器插件扩展被启用，访问恶意站点也会触发该漏洞。

N/A

N/A