Key Information

CVE ID: CVE-2017-10944
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Affected Vendor: Foxit
Affected Product: Reader

Vulnerability Details:
- Description: The vulnerability allows remote attackers to disclose sensitive information by exploiting an out-of-bounds read issue in the parsing of ObjStm objects. User interaction is required to trigger this vulnerability.
- Cause: Lack of proper validation of user-supplied data leading to a read past the end of an allocated object.
- Impact: Can be leveraged alongside other vulnerabilities to execute arbitrary code.

Additional Details: Foxit has issued an update to fix this vulnerability. More details: Foxit Security Bulletins

Disclosure Timeline:
- 2017-06-01: Vulnerability reported to vendor
- 2017-07-07: Coordinated public release of advisory

Credit: Ashfaq Ansari - Project Srishti
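The class of check named under "Cause", as an added example that is not Foxit's code: the advisory does not say which ObjStm field went unvalidated, so this sketch validates the two attacker-controlled values the PDF format defines for an object stream (/N, the number of objects, and /First, the byte offset of the first object) together with the header's offset table against the decoded buffer length. The names `read_uint` and `objstm_validate` and the sample stream are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Read one unsigned decimal from buf[*pos..end), skipping space/tab/CR/LF
   (a simplified whitespace set). Returns 0 on success, -1 otherwise. */
static int read_uint(const uint8_t *buf, size_t end, size_t *pos, uint32_t *out)
{
    size_t p = *pos;
    uint64_t v = 0;
    while (p < end && (buf[p] == ' ' || buf[p] == '\t' || buf[p] == '\r' || buf[p] == '\n'))
        p++;
    if (p >= end || buf[p] < '0' || buf[p] > '9')
        return -1;                      /* no digit left inside the header */
    while (p < end && buf[p] >= '0' && buf[p] <= '9') {
        v = v * 10 + (uint64_t)(buf[p] - '0');
        if (v > UINT32_MAX)
            return -1;                  /* reject values that would wrap */
        p++;
    }
    *pos = p;
    *out = (uint32_t)v;
    return 0;
}

/* Validate a decoded object stream before any object is parsed: the header
   holds n "objnum offset" pairs in the first `first` bytes, and each offset
   is relative to `first`. Returns 0 if all object starts are in bounds. */
int objstm_validate(const uint8_t *data, size_t len, uint32_t n, uint32_t first)
{
    size_t pos = 0;
    uint32_t objnum, off, prev = 0;
    if (first > len)                    /* /First must point inside the buffer */
        return -1;
    for (uint32_t i = 0; i < n; i++) {
        if (read_uint(data, first, &pos, &objnum) != 0 ||
            read_uint(data, first, &pos, &off) != 0)
            return -1;                  /* /N claims more pairs than exist */
        if (off >= len - first || (i > 0 && off <= prev))
            return -1;                  /* offset past the end or not increasing */
        prev = off;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample: two objects, header is the first 10 bytes. */
    static const uint8_t s[] = "11 0 12 8 <</A 1>><</B 2>>";
    printf("%d\n", objstm_validate(s, sizeof(s) - 1, 2, 10));
    return 0;
}
```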