diff --git a/2018/10xxx/CVE-2018-10473.json b/2018/10xxx/CVE-2018-10473.json
index 7d691c29da0..6f38a21276c 100644
--- a/2018/10xxx/CVE-2018-10473.json
+++ b/2018/10xxx/CVE-2018-10473.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "zdi-disclosures@trendmicro.com",
 "ID" : "CVE-2018-10473",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Foxit Reader",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "9.0.0.29935"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "Foxit"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,29 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D CLOD Base Mesh Continuation structures. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5392."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-787-Out-of-bounds Write"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "url" : "https://zerodayinitiative.com/advisories/ZDI-18-383"
 }
 ]
 }
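Review bot: The `affects` block added in the first hunk of CVE-2018-10473.json records a single `version_value` of `9.0.0.29935` with no `version_affected` qualifier, so a consumer that matches on this field will treat only that exact build as vulnerable. If earlier builds are also affected (the description does not say either way), a qualifier such as `"version_affected" : "<="` next to `version_value` would make the range explicit for scanners and asset-matching tools. The same block is repeated unchanged in every other record in this commit (CVE-2018-10474 through CVE-2018-10489), so the point applies to each of them.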
diff --git a/2018/10xxx/CVE-2018-10474.json b/2018/10xxx/CVE-2018-10474.json
index ddc72b3bf17..6d21b153d03 100644
--- a/2018/10xxx/CVE-2018-10474.json
+++ b/2018/10xxx/CVE-2018-10474.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "zdi-disclosures@trendmicro.com",
 "ID" : "CVE-2018-10474",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Foxit Reader",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "9.0.0.29935"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "Foxit"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,29 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Shading objects. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5393."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-787-Out-of-bounds Write"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "url" : "https://zerodayinitiative.com/advisories/ZDI-18-384"
 }
 ]
 }
diff --git a/2018/10xxx/CVE-2018-10475.json b/2018/10xxx/CVE-2018-10475.json
index e0ab50e0d89..630698fe936 100644
--- a/2018/10xxx/CVE-2018-10475.json
+++ b/2018/10xxx/CVE-2018-10475.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "zdi-disclosures@trendmicro.com",
 "ID" : "CVE-2018-10475",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Foxit Reader",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "9.0.0.29935"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "Foxit"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,29 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Light Node structures. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5394."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-125-Out-of-bounds Read"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "url" : "https://zerodayinitiative.com/advisories/ZDI-18-385"
 }
 ]
 }
diff --git a/2018/10xxx/CVE-2018-10476.json b/2018/10xxx/CVE-2018-10476.json
index bd1004c0626..1c915205a72 100644
--- a/2018/10xxx/CVE-2018-10476.json
+++ b/2018/10xxx/CVE-2018-10476.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "zdi-disclosures@trendmicro.com",
 "ID" : "CVE-2018-10476",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Foxit Reader",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "9.0.0.29935"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "Foxit"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,29 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Model Node structures. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5395."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-125-Out-of-bounds Read"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "url" : "https://zerodayinitiative.com/advisories/ZDI-18-386"
 }
 ]
 }
diff --git a/2018/10xxx/CVE-2018-10477.json b/2018/10xxx/CVE-2018-10477.json
index 15e933845cd..74a10d1f35c 100644
--- a/2018/10xxx/CVE-2018-10477.json
+++ b/2018/10xxx/CVE-2018-10477.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "zdi-disclosures@trendmicro.com",
 "ID" : "CVE-2018-10477",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Foxit Reader",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "9.0.0.29935"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "Foxit"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,29 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Chain Index objects. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5396."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-787-Out-of-bounds Write"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "url" : "https://zerodayinitiative.com/advisories/ZDI-18-387"
 }
 ]
 }
diff --git a/2018/10xxx/CVE-2018-10478.json b/2018/10xxx/CVE-2018-10478.json
index 330a0fe41b8..54f02ddd85f 100644
--- a/2018/10xxx/CVE-2018-10478.json
+++ b/2018/10xxx/CVE-2018-10478.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "zdi-disclosures@trendmicro.com",
 "ID" : "CVE-2018-10478",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Foxit Reader",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "9.0.0.29935"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "Foxit"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,29 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Texture Coord Dimensions objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5397."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-125-Out-of-bounds Read"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "url" : "https://zerodayinitiative.com/advisories/ZDI-18-388"
 }
 ]
 }
diff --git a/2018/10xxx/CVE-2018-10479.json b/2018/10xxx/CVE-2018-10479.json
index 657f40e42c8..ae8e37a3f8f 100644
--- a/2018/10xxx/CVE-2018-10479.json
+++ b/2018/10xxx/CVE-2018-10479.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "zdi-disclosures@trendmicro.com",
 "ID" : "CVE-2018-10479",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Foxit Reader",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "9.0.0.29935"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "Foxit"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,29 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Key Frame structures. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5399."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-125-Out-of-bounds Read"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "url" : "https://zerodayinitiative.com/advisories/ZDI-18-389"
 }
 ]
 }
diff --git a/2018/10xxx/CVE-2018-10480.json b/2018/10xxx/CVE-2018-10480.json
index 03f2986ce9e..643124e1b9b 100644
--- a/2018/10xxx/CVE-2018-10480.json
+++ b/2018/10xxx/CVE-2018-10480.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "zdi-disclosures@trendmicro.com",
 "ID" : "CVE-2018-10480",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Foxit Reader",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "9.0.0.29935"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "Foxit"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,29 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the U3D Node Name buffer. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5401."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-125-Out-of-bounds Read"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "url" : "https://zerodayinitiative.com/advisories/ZDI-18-390"
 }
 ]
 }
diff --git a/2018/10xxx/CVE-2018-10481.json b/2018/10xxx/CVE-2018-10481.json
index b9a1a24c49e..6d7d0863c3d 100644
--- a/2018/10xxx/CVE-2018-10481.json
+++ b/2018/10xxx/CVE-2018-10481.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "zdi-disclosures@trendmicro.com",
 "ID" : "CVE-2018-10481",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Foxit Reader",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "9.0.0.29935"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "Foxit"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,29 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D Texture Resource structures. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5408."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-125-Out-of-bounds Read"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "url" : "https://zerodayinitiative.com/advisories/ZDI-18-391"
 }
 ]
 }
diff --git a/2018/10xxx/CVE-2018-10482.json b/2018/10xxx/CVE-2018-10482.json
index 20d789ed73f..cd38fa5000d 100644
--- a/2018/10xxx/CVE-2018-10482.json
+++ b/2018/10xxx/CVE-2018-10482.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "zdi-disclosures@trendmicro.com",
 "ID" : "CVE-2018-10482",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Foxit Reader",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "9.0.0.29935"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "Foxit"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,29 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the U3D Texture Image Format object. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5409."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-125-Out-of-bounds Read"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "url" : "https://zerodayinitiative.com/advisories/ZDI-18-392"
 }
 ]
 }
diff --git a/2018/10xxx/CVE-2018-10483.json b/2018/10xxx/CVE-2018-10483.json
index 01c23d6b3b7..5cd8dc859d5 100644
--- a/2018/10xxx/CVE-2018-10483.json
+++ b/2018/10xxx/CVE-2018-10483.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "zdi-disclosures@trendmicro.com",
 "ID" : "CVE-2018-10483",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Foxit Reader",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "9.0.0.29935"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "Foxit"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,29 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Clod Progressive Mesh objects. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5410."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-787-Out-of-bounds Write"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "url" : "https://zerodayinitiative.com/advisories/ZDI-18-393"
 }
 ]
 }
diff --git a/2018/10xxx/CVE-2018-10484.json b/2018/10xxx/CVE-2018-10484.json
index 5f286dfbaa2..7983c191732 100644
--- a/2018/10xxx/CVE-2018-10484.json
+++ b/2018/10xxx/CVE-2018-10484.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "zdi-disclosures@trendmicro.com",
 "ID" : "CVE-2018-10484",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Foxit Reader",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "9.0.0.29935"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "Foxit"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,29 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Node objects. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5411."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-665-Improper Initialization"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "url" : "https://zerodayinitiative.com/advisories/ZDI-18-394"
 }
 ]
 }
diff --git a/2018/10xxx/CVE-2018-10485.json b/2018/10xxx/CVE-2018-10485.json
index af4cf019828..f062defd6f3 100644
--- a/2018/10xxx/CVE-2018-10485.json
+++ b/2018/10xxx/CVE-2018-10485.json
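Review bot: The `problemtype` value in the second hunk of CVE-2018-10484.json, `CWE-665-Improper Initialization`, is broader than what the description in the same hunk states, which attributes the flaw to a pointer that is not initialized before it is accessed. CWE-824 (Access of Uninitialized Pointer) names that condition directly and would let consumers that triage by CWE group this record with other uninitialized-pointer issues; the line would read `"value" : "CWE-824-Access of Uninitialized Pointer"`. This suggestion is drawn from the description text only, so the advisory at the listed ZDI URL should be checked before changing the classification.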
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "zdi-disclosures@trendmicro.com",
 "ID" : "CVE-2018-10485",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Foxit Reader",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "9.0.0.29935"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "Foxit"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,29 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within U3D Texture Height structures. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5412."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-125-Out-of-bounds Read"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "url" : "https://zerodayinitiative.com/advisories/ZDI-18-395"
 }
 ]
 }
diff --git a/2018/10xxx/CVE-2018-10486.json b/2018/10xxx/CVE-2018-10486.json
index 337819659c6..1652d55d286 100644
--- a/2018/10xxx/CVE-2018-10486.json
+++ b/2018/10xxx/CVE-2018-10486.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "zdi-disclosures@trendmicro.com",
 "ID" : "CVE-2018-10486",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Foxit Reader",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "9.0.0.29935"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "Foxit"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,29 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the U3D Image Index. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5418."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-125-Out-of-bounds Read"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "url" : "https://zerodayinitiative.com/advisories/ZDI-18-396"
 }
 ]
 }
diff --git a/2018/10xxx/CVE-2018-10487.json b/2018/10xxx/CVE-2018-10487.json
index 88c8d5a54d8..67a94093483 100644
--- a/2018/10xxx/CVE-2018-10487.json
+++ b/2018/10xxx/CVE-2018-10487.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "zdi-disclosures@trendmicro.com",
 "ID" : "CVE-2018-10487",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Foxit Reader",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "9.0.0.29935"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "Foxit"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,29 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files embedded inside PDF documents. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5419."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-125-Out-of-bounds Read"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "url" : "https://zerodayinitiative.com/advisories/ZDI-18-397"
 }
 ]
 }
diff --git a/2018/10xxx/CVE-2018-10488.json b/2018/10xxx/CVE-2018-10488.json
index db69713e321..f27c60dab3b 100644
--- a/2018/10xxx/CVE-2018-10488.json
+++ b/2018/10xxx/CVE-2018-10488.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "zdi-disclosures@trendmicro.com",
 "ID" : "CVE-2018-10488",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Foxit Reader",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "9.0.0.29935"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "Foxit"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,29 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Texture Width structures. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5420."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-122-Heap-based Buffer Overflow"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "url" : "https://zerodayinitiative.com/advisories/ZDI-18-398"
 }
 ]
 }
diff --git a/2018/10xxx/CVE-2018-10489.json b/2018/10xxx/CVE-2018-10489.json
index 5f698db5659..c43d585854c 100644
--- a/2018/10xxx/CVE-2018-10489.json +++ b/2018/10xxx/CVE-2018-10489.json @@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "zdi-disclosures@trendmicro.com", "ID" : "CVE-2018-10489", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Foxit Reader", + "version" : { + "version_data" : [ + { + "version_value" : "9.0.0.29935" + } + ] + } + } + ] + }, + "vendor_name" : "Foxit" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,29 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Clod Progressive Mesh Declaration structures. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5421." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-787-Out-of-bounds Write" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "url" : "https://zerodayinitiative.com/advisories/ZDI-18-399" } ] } diff --git a/2018/10xxx/CVE-2018-10490.json b/2018/10xxx/CVE-2018-10490.json index 895da0ce9cb..8cac0fb5439 100644 
--- a/2018/10xxx/CVE-2018-10490.json +++ b/2018/10xxx/CVE-2018-10490.json @@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "zdi-disclosures@trendmicro.com", "ID" : "CVE-2018-10490", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Foxit Reader", + "version" : { + "version_data" : [ + { + "version_value" : "9.0.0.29935" + } + ] + } + } + ] + }, + "vendor_name" : "Foxit" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,29 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPEG images embedded inside U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5422." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-119-Improper Restriction of Operations within the Bounds of a Memory Buffer" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "url" : "https://zerodayinitiative.com/advisories/ZDI-18-400" } ] } 
diff --git a/2018/10xxx/CVE-2018-10491.json b/2018/10xxx/CVE-2018-10491.json index 9c1175fa6fc..d509ab0d1b8 100644 --- a/2018/10xxx/CVE-2018-10491.json +++ b/2018/10xxx/CVE-2018-10491.json @@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "zdi-disclosures@trendmicro.com", "ID" : "CVE-2018-10491", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Foxit Reader", + "version" : { + "version_data" : [ + { + "version_value" : "9.0.0.29935" + } + ] + } + } + ] + }, + "vendor_name" : "Foxit" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,29 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Bone Weight Modifier structures. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5423." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-787-Out-of-bounds Write" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "url" : "https://zerodayinitiative.com/advisories/ZDI-18-401" } ] } 
diff --git a/2018/10xxx/CVE-2018-10492.json b/2018/10xxx/CVE-2018-10492.json index b4cf3701c6c..6890697ee90 100644 --- a/2018/10xxx/CVE-2018-10492.json +++ b/2018/10xxx/CVE-2018-10492.json @@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "zdi-disclosures@trendmicro.com", "ID" : "CVE-2018-10492", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Foxit Reader", + "version" : { + "version_data" : [ + { + "version_value" : "9.0.0.29935" + } + ] + } + } + ] + }, + "vendor_name" : "Foxit" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", 
@@ -11,7 +34,29 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Clod Progressive Mesh Continuation structures. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5424." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-125-Out-of-bounds Read" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "url" : "https://zerodayinitiative.com/advisories/ZDI-18-402" } ] } diff --git a/2018/10xxx/CVE-2018-10493.json b/2018/10xxx/CVE-2018-10493.json index 7ccb1eba215..3fcbc325503 100644 --- a/2018/10xxx/CVE-2018-10493.json +++ b/2018/10xxx/CVE-2018-10493.json 
@@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "zdi-disclosures@trendmicro.com", "ID" : "CVE-2018-10493", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Foxit Reader", + "version" : { + "version_data" : [ + { + "version_value" : "9.0.1.1049" + } + ] + } + } + ] + }, + "vendor_name" : "Foxit" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,29 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the U3D Final Maximum Resolution attribute. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5426." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-125-Out-of-bounds Read" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "url" : "https://zerodayinitiative.com/advisories/ZDI-18-403" } ] } diff --git a/2018/10xxx/CVE-2018-10494.json b/2018/10xxx/CVE-2018-10494.json index 5edcebe77b4..2d214201577 100644 --- a/2018/10xxx/CVE-2018-10494.json 
+++ b/2018/10xxx/CVE-2018-10494.json @@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "zdi-disclosures@trendmicro.com", "ID" : "CVE-2018-10494", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Foxit Reader", + "version" : { + "version_data" : [ + { + "version_value" : "9.0.1.1049" + } + ] + } + } + ] + }, + "vendor_name" : "Foxit" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,29 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D 3DView objects. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5493." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-121-Stack-based Buffer Overflow" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "url" : "https://zerodayinitiative.com/advisories/ZDI-18-404" } ] } diff --git a/2018/10xxx/CVE-2018-10495.json b/2018/10xxx/CVE-2018-10495.json index 7e7cd29bc03..5905df72ab9 100644 --- a/2018/10xxx/CVE-2018-10495.json 
+++ b/2018/10xxx/CVE-2018-10495.json @@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "zdi-disclosures@trendmicro.com", "ID" : "CVE-2018-10495", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Foxit Reader", + "version" : { + "version_data" : [ + { + "version_value" : "9.0.0.29935" + } + ] + } + } + ] + }, + "vendor_name" : "Foxit" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,29 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF documents. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5586." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-843-Access of Resource Using Incompatible Type ('Type Confusion')" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "url" : "https://zerodayinitiative.com/advisories/ZDI-18-405" } ] } diff --git a/2018/1xxx/CVE-2018-1173.json b/2018/1xxx/CVE-2018-1173.json index 20485bd790a..e1be3402668 100644 --- a/2018/1xxx/CVE-2018-1173.json 
+++ b/2018/1xxx/CVE-2018-1173.json @@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "zdi-disclosures@trendmicro.com", "ID" : "CVE-2018-1173", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Foxit Reader", + "version" : { + "version_data" : [ + { + "version_value" : "9.0.0.29935" + } + ] + } + } + ] + }, + "vendor_name" : "Foxit" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,29 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the XFA borderColor attribute. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5436." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-416-Use After Free" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "url" : "https://zerodayinitiative.com/advisories/ZDI-18-311" } ] } diff --git a/2018/1xxx/CVE-2018-1174.json b/2018/1xxx/CVE-2018-1174.json index 47151051839..586467e2373 100644 --- a/2018/1xxx/CVE-2018-1174.json +++ b/2018/1xxx/CVE-2018-1174.json 
@@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "zdi-disclosures@trendmicro.com", "ID" : "CVE-2018-1174", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Foxit Reader", + "version" : { + "version_data" : [ + { + "version_value" : "9.0.0.29935" + } + ] + } + } + ] + }, + "vendor_name" : "Foxit" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,29 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the bitmapDPI attribute of PrintParams objects. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5437." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-665-Improper Initialization" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "url" : "https://zerodayinitiative.com/advisories/ZDI-18-312" } ] } diff --git a/2018/1xxx/CVE-2018-1175.json b/2018/1xxx/CVE-2018-1175.json index 0e0995f8419..98e7dc11f02 100644 --- a/2018/1xxx/CVE-2018-1175.json +++ b/2018/1xxx/CVE-2018-1175.json 
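Review bot: The `problemtype` added in the second hunk of CVE-2018-1174.json uses `CWE-665-Improper Initialization`, which is broader than what the description states: memory is accessed before it has been initialized, leading to information disclosure. CWE-908 (Use of Uninitialized Resource) is a child of CWE-665 that names that condition directly, and using it would group this record with other uninitialized-read bugs in weakness statistics. I would change the line to `"value" : "CWE-908-Use of Uninitialized Resource"` if the ZDI advisory supports it. CVE-2018-1175.json carries the same value for the same description wording.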
@@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "zdi-disclosures@trendmicro.com", "ID" : "CVE-2018-1175", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Foxit Reader", + "version" : { + "version_data" : [ + { + "version_value" : "9.0.0.29935" + } + ] + } + } + ] + }, + "vendor_name" : "Foxit" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,29 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the interactive attribute of PrintParams objects. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5438." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-665-Improper Initialization" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "url" : "https://zerodayinitiative.com/advisories/ZDI-18-313" } ] } diff --git a/2018/1xxx/CVE-2018-1176.json b/2018/1xxx/CVE-2018-1176.json index 4bc3293a482..4bd37ef255e 100644 --- a/2018/1xxx/CVE-2018-1176.json +++ b/2018/1xxx/CVE-2018-1176.json 
@@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "zdi-disclosures@trendmicro.com", "ID" : "CVE-2018-1176", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Foxit Reader", + "version" : { + "version_data" : [ + { + "version_value" : "9.0.0.29935" + } + ] + } + } + ] + }, + "vendor_name" : "Foxit" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,29 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ePub files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5442." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-787-Out-of-bounds Write" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "url" : "https://zerodayinitiative.com/advisories/ZDI-18-314" } ] } diff --git a/2018/1xxx/CVE-2018-1177.json b/2018/1xxx/CVE-2018-1177.json index 283b2f0c7e3..80a4b698d8d 100644 --- a/2018/1xxx/CVE-2018-1177.json +++ b/2018/1xxx/CVE-2018-1177.json 
@@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "zdi-disclosures@trendmicro.com", "ID" : "CVE-2018-1177", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Foxit Reader", + "version" : { + "version_data" : [ + { + "version_value" : "9.0.0.29935" + } + ] + } + } + ] + }, + "vendor_name" : "Foxit" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,29 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the addAnnot method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5488." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-416-Use After Free" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "url" : "https://zerodayinitiative.com/advisories/ZDI-18-315" } ] } diff --git a/2018/1xxx/CVE-2018-1178.json b/2018/1xxx/CVE-2018-1178.json index d5d28f2a2a7..ac61bb2f7f0 100644 --- a/2018/1xxx/CVE-2018-1178.json +++ b/2018/1xxx/CVE-2018-1178.json 
@@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "zdi-disclosures@trendmicro.com", "ID" : "CVE-2018-1178", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Foxit Reader", + "version" : { + "version_data" : [ + { + "version_value" : "9.0.0.29935" + } + ] + } + } + ] + }, + "vendor_name" : "Foxit" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,29 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the addField method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5489." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-416-Use After Free" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "url" : "https://zerodayinitiative.com/advisories/ZDI-18-316" } ] } diff --git a/2018/1xxx/CVE-2018-1179.json b/2018/1xxx/CVE-2018-1179.json index d0aa9cc2043..1c3f38239f1 100644 --- a/2018/1xxx/CVE-2018-1179.json +++ b/2018/1xxx/CVE-2018-1179.json 
@@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "zdi-disclosures@trendmicro.com", "ID" : "CVE-2018-1179", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Foxit Reader", + "version" : { + "version_data" : [ + { + "version_value" : "9.0.0.29935" + } + ] + } + } + ] + }, + "vendor_name" : "Foxit" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,29 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DataSubBlock structures in GIF images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5490." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-125-Out-of-bounds Read" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "url" : "https://zerodayinitiative.com/advisories/ZDI-18-317" } ] } diff --git a/2018/1xxx/CVE-2018-1180.json b/2018/1xxx/CVE-2018-1180.json index 2125602db48..8f839b50239 100644 --- a/2018/1xxx/CVE-2018-1180.json 
+++ b/2018/1xxx/CVE-2018-1180.json @@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "zdi-disclosures@trendmicro.com", "ID" : "CVE-2018-1180", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Foxit Reader", + "version" : { + "version_data" : [ + { + "version_value" : "9.0.0.29935" + } + ] + } + } + ] + }, + "vendor_name" : "Foxit" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,29 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AFSimple_Calculate method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5491." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-416-Use After Free" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "url" : "https://zerodayinitiative.com/advisories/ZDI-18-318" } ] } diff --git a/2018/9xxx/CVE-2018-9935.json b/2018/9xxx/CVE-2018-9935.json index 00392d876a0..714b32a4aba 100644 --- a/2018/9xxx/CVE-2018-9935.json +++ b/2018/9xxx/CVE-2018-9935.json 
@@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "zdi-disclosures@trendmicro.com", "ID" : "CVE-2018-9935", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Foxit Reader", + "version" : { + "version_data" : [ + { + "version_value" : "8.3.2.25013" + } + ] + } + } + ] + }, + "vendor_name" : "Foxit" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,29 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the addField method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5312." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-416-Use After Free" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "url" : "https://zerodayinitiative.com/advisories/ZDI-18-319" } ] } diff --git a/2018/9xxx/CVE-2018-9936.json b/2018/9xxx/CVE-2018-9936.json index 7e649c23f12..c5a861d547d 100644 --- a/2018/9xxx/CVE-2018-9936.json +++ b/2018/9xxx/CVE-2018-9936.json 
@@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "zdi-disclosures@trendmicro.com", "ID" : "CVE-2018-9936", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Foxit Reader", + "version" : { + "version_data" : [ + { + "version_value" : "9.0.0.29935" + } + ] + } + } + ] + }, + "vendor_name" : "Foxit" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,29 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of field elements. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5370." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-704-Incorrect Type Conversion or Cast" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "url" : "https://zerodayinitiative.com/advisories/ZDI-18-320" } ] } diff --git a/2018/9xxx/CVE-2018-9937.json b/2018/9xxx/CVE-2018-9937.json index 474c17bd07d..b2ba17b4cb2 100644 --- a/2018/9xxx/CVE-2018-9937.json +++ b/2018/9xxx/CVE-2018-9937.json 
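Review bot: The second hunk of CVE-2018-9936.json tags a flaw that the description calls "a type confusion condition" as `CWE-704-Incorrect Type Conversion or Cast`, while CVE-2018-10495.json in this same commit uses `CWE-843-Access of Resource Using Incompatible Type ('Type Confusion')` for identical wording. The two values should agree so that a query by CWE returns all of the type-confusion records. CWE-843 is the more specific of the two, so I would use `"value" : "CWE-843-Access of Resource Using Incompatible Type ('Type Confusion')"` here. CVE-2018-9937.json and CVE-2018-9938.json have the same mismatch.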
@@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "zdi-disclosures@trendmicro.com", "ID" : "CVE-2018-9937", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Foxit Reader", + "version" : { + "version_data" : [ + { + "version_value" : "9.0.0.29935" + } + ] + } + } + ] + }, + "vendor_name" : "Foxit" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,29 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of subform elements. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5371." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-704-Incorrect Type Conversion or Cast" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "url" : "https://zerodayinitiative.com/advisories/ZDI-18-321" } ] } diff --git a/2018/9xxx/CVE-2018-9938.json b/2018/9xxx/CVE-2018-9938.json index f6a0db7729e..9a5e02807b4 100644 --- a/2018/9xxx/CVE-2018-9938.json +++ b/2018/9xxx/CVE-2018-9938.json 
@@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "zdi-disclosures@trendmicro.com", "ID" : "CVE-2018-9938", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Foxit Reader", + "version" : { + "version_data" : [ + { + "version_value" : "9.0.0.29935" + } + ] + } + } + ] + }, + "vendor_name" : "Foxit" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,29 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the absPageSpan method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5372." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-704-Incorrect Type Conversion or Cast" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "url" : "https://zerodayinitiative.com/advisories/ZDI-18-322" } ] } diff --git a/2018/9xxx/CVE-2018-9939.json b/2018/9xxx/CVE-2018-9939.json index fbf28b8517a..c6b5cdffeb3 100644 --- a/2018/9xxx/CVE-2018-9939.json +++ b/2018/9xxx/CVE-2018-9939.json 
@@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "zdi-disclosures@trendmicro.com", "ID" : "CVE-2018-9939", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Foxit Reader", + "version" : { + "version_data" : [ + { + "version_value" : "9.0.0.29935" + } + ] + } + } + ] + }, + "vendor_name" : "Foxit" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,29 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of layout elements. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5373." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-704-Incorrect Type Conversion or Cast" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "url" : "https://zerodayinitiative.com/advisories/ZDI-18-323" } ] } diff --git a/2018/9xxx/CVE-2018-9940.json b/2018/9xxx/CVE-2018-9940.json index 5320c5cae72..9abf3c794ff 100644 --- a/2018/9xxx/CVE-2018-9940.json +++ b/2018/9xxx/CVE-2018-9940.json 
@@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "zdi-disclosures@trendmicro.com", "ID" : "CVE-2018-9940", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Foxit Reader", + "version" : { + "version_data" : [ + { + "version_value" : "9.0.0.29935" + } + ] + } + } + ] + }, + "vendor_name" : "Foxit" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,29 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the layout sheet attribute. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5374." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-704-Incorrect Type Conversion or Cast" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "url" : "https://zerodayinitiative.com/advisories/ZDI-18-324" } ] } diff --git a/2018/9xxx/CVE-2018-9941.json b/2018/9xxx/CVE-2018-9941.json index 5cc335abe48..122d5a9ee14 100644 --- a/2018/9xxx/CVE-2018-9941.json +++ b/2018/9xxx/CVE-2018-9941.json 
@@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "zdi-disclosures@trendmicro.com", "ID" : "CVE-2018-9941", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Foxit Reader", + "version" : { + "version_data" : [ + { + "version_value" : "9.0.0.29935" + } + ] + } + } + ] + }, + "vendor_name" : "Foxit" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,29 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the record append method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5375." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-704-Incorrect Type Conversion or Cast" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "url" : "https://zerodayinitiative.com/advisories/ZDI-18-325" } ] } diff --git a/2018/9xxx/CVE-2018-9942.json b/2018/9xxx/CVE-2018-9942.json index 6ee7b52cf54..64ce16ef236 100644 --- a/2018/9xxx/CVE-2018-9942.json +++ b/2018/9xxx/CVE-2018-9942.json 
@@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "zdi-disclosures@trendmicro.com", "ID" : "CVE-2018-9942", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Foxit Reader", + "version" : { + "version_data" : [ + { + "version_value" : "9.0.0.29935" + } + ] + } + } + ] + }, + "vendor_name" : "Foxit" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,29 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the record remove method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5376." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-704-Incorrect Type Conversion or Cast" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "url" : "https://zerodayinitiative.com/advisories/ZDI-18-326" } ] } diff --git a/2018/9xxx/CVE-2018-9943.json b/2018/9xxx/CVE-2018-9943.json index c22b8f01935..12b09bb7d14 100644 --- a/2018/9xxx/CVE-2018-9943.json +++ b/2018/9xxx/CVE-2018-9943.json 
@@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "zdi-disclosures@trendmicro.com", "ID" : "CVE-2018-9943", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Foxit Reader", + "version" : { + "version_data" : [ + { + "version_value" : "9.0.0.29935" + } + ] + } + } + ] + }, + "vendor_name" : "Foxit" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,29 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the openList method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5377." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-704-Incorrect Type Conversion or Cast" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "url" : "https://zerodayinitiative.com/advisories/ZDI-18-327" } ] } diff --git a/2018/9xxx/CVE-2018-9944.json b/2018/9xxx/CVE-2018-9944.json index 207a1d43a89..a93595d0fc6 100644 --- a/2018/9xxx/CVE-2018-9944.json +++ b/2018/9xxx/CVE-2018-9944.json 
@@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "zdi-disclosures@trendmicro.com", "ID" : "CVE-2018-9944", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Foxit Reader", + "version" : { + "version_data" : [ + { + "version_value" : "9.0.0.29935" + } + ] + } + } + ] + }, + "vendor_name" : "Foxit" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,29 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the addLink method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5379." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-416-Use After Free" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "url" : "https://zerodayinitiative.com/advisories/ZDI-18-328" } ] } diff --git a/2018/9xxx/CVE-2018-9945.json b/2018/9xxx/CVE-2018-9945.json index 0e0b9c02aaa..dc5b999fa96 100644 --- a/2018/9xxx/CVE-2018-9945.json +++ b/2018/9xxx/CVE-2018-9945.json 
@@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "zdi-disclosures@trendmicro.com", "ID" : "CVE-2018-9945", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Foxit Reader", + "version" : { + "version_data" : [ + { + "version_value" : "9.0.0.29935" + } + ] + } + } + ] + }, + "vendor_name" : "Foxit" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,29 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getField method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5382." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-416-Use After Free" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "url" : "https://zerodayinitiative.com/advisories/ZDI-18-329" } ] } diff --git a/2018/9xxx/CVE-2018-9946.json b/2018/9xxx/CVE-2018-9946.json index c33cd89c64c..84b08f2fb7e 100644 --- a/2018/9xxx/CVE-2018-9946.json +++ b/2018/9xxx/CVE-2018-9946.json 
@@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "zdi-disclosures@trendmicro.com", "ID" : "CVE-2018-9946", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Foxit Reader", + "version" : { + "version_data" : [ + { + "version_value" : "9.0.0.29935" + } + ] + } + } + ] + }, + "vendor_name" : "Foxit" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,29 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the setTimeOut method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5471." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-416-Use After Free" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "url" : "https://zerodayinitiative.com/advisories/ZDI-18-330" } ] } diff --git a/2018/9xxx/CVE-2018-9947.json b/2018/9xxx/CVE-2018-9947.json index 74afe69aa38..22e5b35eb9d 100644 --- a/2018/9xxx/CVE-2018-9947.json +++ b/2018/9xxx/CVE-2018-9947.json 
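Review bot: The description added in the second hunk opens with "disclose sensitive information" but closes by saying the flaw can be combined with other vulnerabilities to execute code, and the record has no `impact` block to state a severity. Triage that keys on the first sentence alone may rank this below the code-execution entries for the same product that were published in the same commit. I would either add an `impact` entry sourced from the ZDI advisory or leave the description as is and make sure consumers read the whole text. The records for CVE-2018-9948 and CVE-2018-9950 further down use the same wording.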
@@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "zdi-disclosures@trendmicro.com", "ID" : "CVE-2018-9947", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Foxit Reader", + "version" : { + "version_data" : [ + { + "version_value" : "9.0.0.29935" + } + ] + } + } + ] + }, + "vendor_name" : "Foxit" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,29 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP images. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5472." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-122-Heap-based Buffer Overflow" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "url" : "https://zerodayinitiative.com/advisories/ZDI-18-331" } ] } diff --git a/2018/9xxx/CVE-2018-9948.json b/2018/9xxx/CVE-2018-9948.json index bdccfde78bb..feeaa889141 100644 --- a/2018/9xxx/CVE-2018-9948.json +++ b/2018/9xxx/CVE-2018-9948.json 
@@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "zdi-disclosures@trendmicro.com", "ID" : "CVE-2018-9948", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Foxit Reader", + "version" : { + "version_data" : [ + { + "version_value" : "9.0.0.29935" + } + ] + } + } + ] + }, + "vendor_name" : "Foxit" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,29 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of typed arrays. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5380." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-824-Access of Uninitialized Pointer" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "url" : "https://zerodayinitiative.com/advisories/ZDI-18-332" } ] } diff --git a/2018/9xxx/CVE-2018-9949.json b/2018/9xxx/CVE-2018-9949.json index d2d25016c3b..ca9e2c14965 100644 --- a/2018/9xxx/CVE-2018-9949.json +++ b/2018/9xxx/CVE-2018-9949.json 
@@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "zdi-disclosures@trendmicro.com", "ID" : "CVE-2018-9949", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Foxit Reader", + "version" : { + "version_data" : [ + { + "version_value" : "9.0.0.29935" + } + ] + } + } + ] + }, + "vendor_name" : "Foxit" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,29 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIFF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5473." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-122-Heap-based Buffer Overflow" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "url" : "https://zerodayinitiative.com/advisories/ZDI-18-333" } ] } diff --git a/2018/9xxx/CVE-2018-9950.json b/2018/9xxx/CVE-2018-9950.json index d1efa033425..13e8ba5652a 100644 --- a/2018/9xxx/CVE-2018-9950.json +++ b/2018/9xxx/CVE-2018-9950.json 
@@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "zdi-disclosures@trendmicro.com", "ID" : "CVE-2018-9950", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Foxit Reader", + "version" : { + "version_data" : [ + { + "version_value" : "9.0.0.29935" + } + ] + } + } + ] + }, + "vendor_name" : "Foxit" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,29 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF documents. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5413." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-125-Out-of-bounds Read" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "url" : "https://zerodayinitiative.com/advisories/ZDI-18-334" } ] } diff --git a/2018/9xxx/CVE-2018-9951.json b/2018/9xxx/CVE-2018-9951.json index 39e574f8e32..d5d6c5e4cb4 100644 --- a/2018/9xxx/CVE-2018-9951.json +++ b/2018/9xxx/CVE-2018-9951.json 
@@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "zdi-disclosures@trendmicro.com", "ID" : "CVE-2018-9951", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Foxit Reader", + "version" : { + "version_data" : [ + { + "version_value" : "9.0.0.29935" + } + ] + } + } + ] + }, + "vendor_name" : "Foxit" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,29 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of CPDF_Object objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5414." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-416-Use After Free" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "url" : "https://zerodayinitiative.com/advisories/ZDI-18-335" } ] } diff --git a/2018/9xxx/CVE-2018-9952.json b/2018/9xxx/CVE-2018-9952.json index 7eceaaa534a..857f2510e28 100644 --- a/2018/9xxx/CVE-2018-9952.json +++ b/2018/9xxx/CVE-2018-9952.json 
@@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "zdi-disclosures@trendmicro.com", "ID" : "CVE-2018-9952", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Foxit Reader", + "version" : { + "version_data" : [ + { + "version_value" : "9.0.1.1049" + } + ] + } + } + ] + }, + "vendor_name" : "Foxit" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,29 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA Button elements. When setting the formattedValue attribute, the process does not properly validate the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5527." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-416-Use After Free" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "url" : "https://zerodayinitiative.com/advisories/ZDI-18-336" } ] } diff --git a/2018/9xxx/CVE-2018-9953.json b/2018/9xxx/CVE-2018-9953.json index 49f3dc3d0dc..d16c96d4700 100644 --- a/2018/9xxx/CVE-2018-9953.json +++ b/2018/9xxx/CVE-2018-9953.json 
@@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "zdi-disclosures@trendmicro.com", "ID" : "CVE-2018-9953", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Foxit Reader", + "version" : { + "version_data" : [ + { + "version_value" : "9.0.1.1049" + } + ] + } + } + ] + }, + "vendor_name" : "Foxit" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,29 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XFA resolveNodes method of Button elements. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5528." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-416-Use After Free" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "url" : "https://zerodayinitiative.com/advisories/ZDI-18-337" } ] } diff --git a/2018/9xxx/CVE-2018-9954.json b/2018/9xxx/CVE-2018-9954.json index f00d22c92f1..91ba1c98bd8 100644 --- a/2018/9xxx/CVE-2018-9954.json +++ b/2018/9xxx/CVE-2018-9954.json 
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "zdi-disclosures@trendmicro.com",
 "ID" : "CVE-2018-9954",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Foxit Reader",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "9.0.1.1049"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "Foxit"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,29 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA Button elements. When setting the y attribute, the process does not properly validate the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5529."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-416-Use After Free"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "url" : "https://zerodayinitiative.com/advisories/ZDI-18-338"
 }
 ]
 }
diff --git a/2018/9xxx/CVE-2018-9955.json b/2018/9xxx/CVE-2018-9955.json
index b8f547b52c8..5dcf9b2f8fd 100644
--- a/2018/9xxx/CVE-2018-9955.json
+++ b/2018/9xxx/CVE-2018-9955.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "zdi-disclosures@trendmicro.com",
 "ID" : "CVE-2018-9955",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Foxit Reader",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "9.0.1.1049"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "Foxit"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,29 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XFA resolveNode method of Button elements. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5531."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-416-Use After Free"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "url" : "https://zerodayinitiative.com/advisories/ZDI-18-339"
 }
 ]
 }
diff --git a/2018/9xxx/CVE-2018-9956.json b/2018/9xxx/CVE-2018-9956.json
index ec0dfb4a1ed..f04385088e7 100644
--- a/2018/9xxx/CVE-2018-9956.json
+++ b/2018/9xxx/CVE-2018-9956.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "zdi-disclosures@trendmicro.com",
 "ID" : "CVE-2018-9956",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Foxit Reader",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "9.0.1.1049"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "Foxit"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,29 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA Button elements. When setting the title attribute, the process does not properly validate the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5617."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-416-Use After Free"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "url" : "https://zerodayinitiative.com/advisories/ZDI-18-340"
 }
 ]
 }
diff --git a/2018/9xxx/CVE-2018-9957.json b/2018/9xxx/CVE-2018-9957.json
index d8909057377..d9aaa99d9e8 100644
--- a/2018/9xxx/CVE-2018-9957.json
+++ b/2018/9xxx/CVE-2018-9957.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "zdi-disclosures@trendmicro.com",
 "ID" : "CVE-2018-9957",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Foxit Reader",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "9.0.1.1049"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "Foxit"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,29 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA Button elements. When parsing arguments passed to the resetData method, the process does not properly validate the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5618."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-416-Use After Free"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "url" : "https://zerodayinitiative.com/advisories/ZDI-18-341"
 }
 ]
 }
diff --git a/2018/9xxx/CVE-2018-9958.json b/2018/9xxx/CVE-2018-9958.json
index 724f536f431..9bceeb2c23b 100644
--- a/2018/9xxx/CVE-2018-9958.json
+++ b/2018/9xxx/CVE-2018-9958.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "zdi-disclosures@trendmicro.com",
 "ID" : "CVE-2018-9958",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Foxit Reader",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "9.0.1.1049"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "Foxit"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,29 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Text Annotations. When setting the point attribute, the process does not properly validate the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5620."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-416-Use After Free"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "url" : "https://zerodayinitiative.com/advisories/ZDI-18-342"
 }
 ]
 }
diff --git a/2018/9xxx/CVE-2018-9959.json b/2018/9xxx/CVE-2018-9959.json
index e516b4f41a2..b84decf45f5 100644
--- a/2018/9xxx/CVE-2018-9959.json
+++ b/2018/9xxx/CVE-2018-9959.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "zdi-disclosures@trendmicro.com",
 "ID" : "CVE-2018-9959",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Foxit Reader",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "9.0.1.1049"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "Foxit"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,29 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the pageNum document attribute. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5432."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-416-Use After Free"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "url" : "https://zerodayinitiative.com/advisories/ZDI-18-343"
 }
 ]
 }
diff --git a/2018/9xxx/CVE-2018-9960.json b/2018/9xxx/CVE-2018-9960.json
index d8e4151e578..90feed7a6dd 100644
--- a/2018/9xxx/CVE-2018-9960.json
+++ b/2018/9xxx/CVE-2018-9960.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "zdi-disclosures@trendmicro.com",
 "ID" : "CVE-2018-9960",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Foxit Reader",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "9.0.1.1049"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "Foxit"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,29 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the textColor Field attribute. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5433."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-416-Use After Free"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "url" : "https://zerodayinitiative.com/advisories/ZDI-18-344"
 }
 ]
 }
diff --git a/2018/9xxx/CVE-2018-9961.json b/2018/9xxx/CVE-2018-9961.json
index a4b9937fd74..b05357e054e 100644
--- a/2018/9xxx/CVE-2018-9961.json
+++ b/2018/9xxx/CVE-2018-9961.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "zdi-disclosures@trendmicro.com",
 "ID" : "CVE-2018-9961",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Foxit Reader",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "9.0.1.1049"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "Foxit"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,29 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the rect Field attribute. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5434."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-416-Use After Free"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "url" : "https://zerodayinitiative.com/advisories/ZDI-18-345"
 }
 ]
 }
diff --git a/2018/9xxx/CVE-2018-9962.json b/2018/9xxx/CVE-2018-9962.json
index a146dd07bb1..1b1961577fc 100644
--- a/2018/9xxx/CVE-2018-9962.json
+++ b/2018/9xxx/CVE-2018-9962.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "zdi-disclosures@trendmicro.com",
 "ID" : "CVE-2018-9962",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Foxit Reader",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "9.0.1.1049"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "Foxit"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,29 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of Annotation's author attribute. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5435."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-416-Use After Free"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "url" : "https://zerodayinitiative.com/advisories/ZDI-18-346"
 }
 ]
 }
diff --git a/2018/9xxx/CVE-2018-9963.json b/2018/9xxx/CVE-2018-9963.json
index 6d092df9cda..86bb0414f84 100644
--- a/2018/9xxx/CVE-2018-9963.json
+++ b/2018/9xxx/CVE-2018-9963.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "zdi-disclosures@trendmicro.com",
 "ID" : "CVE-2018-9963",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Foxit Reader",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "9.0.1.1049"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "Foxit"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,29 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPEG2000 images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5549."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-125-Out-of-bounds Read"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "url" : "https://zerodayinitiative.com/advisories/ZDI-18-347"
 }
 ]
 }
diff --git a/2018/9xxx/CVE-2018-9964.json b/2018/9xxx/CVE-2018-9964.json
index 01b1c9df90c..7a473c5d34e 100644
--- a/2018/9xxx/CVE-2018-9964.json
+++ b/2018/9xxx/CVE-2018-9964.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "zdi-disclosures@trendmicro.com",
 "ID" : "CVE-2018-9964",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Foxit Reader",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "9.0.1.1049"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "Foxit"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,29 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the name attribute of OCG objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5568."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-416-Use After Free"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "url" : "https://zerodayinitiative.com/advisories/ZDI-18-348"
 }
 ]
 }
diff --git a/2018/9xxx/CVE-2018-9965.json b/2018/9xxx/CVE-2018-9965.json
index b1aa21ffdf6..fd3c9ea7c75 100644
--- a/2018/9xxx/CVE-2018-9965.json
+++ b/2018/9xxx/CVE-2018-9965.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "zdi-disclosures@trendmicro.com",
 "ID" : "CVE-2018-9965",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Foxit Reader",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "9.0.1.1049"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "Foxit"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,29 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the setAction method of Link objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5569."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-416-Use After Free"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "url" : "https://zerodayinitiative.com/advisories/ZDI-18-349"
 }
 ]
 }
diff --git a/2018/9xxx/CVE-2018-9966.json b/2018/9xxx/CVE-2018-9966.json
index ec9718a0eed..67bbe7b456e 100644
--- a/2018/9xxx/CVE-2018-9966.json
+++ b/2018/9xxx/CVE-2018-9966.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "zdi-disclosures@trendmicro.com",
 "ID" : "CVE-2018-9966",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Foxit Reader",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "9.0.1.1049"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "Foxit"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,29 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Calculate actions of TextBox objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5570."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-416-Use After Free"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "url" : "https://zerodayinitiative.com/advisories/ZDI-18-350"
 }
 ]
 }
diff --git a/2018/9xxx/CVE-2018-9967.json b/2018/9xxx/CVE-2018-9967.json
index f7eafbfed99..7f3ee7bd57f 100644
--- a/2018/9xxx/CVE-2018-9967.json
+++ b/2018/9xxx/CVE-2018-9967.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "zdi-disclosures@trendmicro.com",
 "ID" : "CVE-2018-9967",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Foxit Reader",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "9.0.1.1049"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "Foxit"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,29 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Format actions of TextBox objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5571."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-416-Use After Free"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "url" : "https://zerodayinitiative.com/advisories/ZDI-18-351"
 }
 ]
 }
diff --git a/2018/9xxx/CVE-2018-9968.json b/2018/9xxx/CVE-2018-9968.json
index edafd9d12e2..ec8d9e480f3 100644
--- a/2018/9xxx/CVE-2018-9968.json
+++ b/2018/9xxx/CVE-2018-9968.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "zdi-disclosures@trendmicro.com",
 "ID" : "CVE-2018-9968",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Foxit Reader",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "9.0.1.1049"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "Foxit"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,29 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Keystroke actions of TextBox objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5572."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-416-Use After Free"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "url" : "https://zerodayinitiative.com/advisories/ZDI-18-352"
 }
 ]
 }
diff --git a/2018/9xxx/CVE-2018-9969.json b/2018/9xxx/CVE-2018-9969.json
index 133047d12ae..d4a9fd3d225 100644
--- a/2018/9xxx/CVE-2018-9969.json
+++ b/2018/9xxx/CVE-2018-9969.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "zdi-disclosures@trendmicro.com",
 "ID" : "CVE-2018-9969",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Foxit Reader",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "9.0.1.1049"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "Foxit"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,29 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XFA boundItem method of Button elements. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5579."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-416-Use After Free"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "url" : "https://zerodayinitiative.com/advisories/ZDI-18-353"
 }
 ]
 }
diff --git a/2018/9xxx/CVE-2018-9970.json b/2018/9xxx/CVE-2018-9970.json
index dbc34dd1222..b5fa98bebb3 100644
--- a/2018/9xxx/CVE-2018-9970.json
+++ b/2018/9xxx/CVE-2018-9970.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "zdi-disclosures@trendmicro.com",
 "ID" : "CVE-2018-9970",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Foxit Reader",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "9.0.1.1049"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "Foxit"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,29 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XFA execEvent method of Button elements. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5580."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-416-Use After Free"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "url" : "https://zerodayinitiative.com/advisories/ZDI-18-354"
 }
 ]
 }
diff --git a/2018/9xxx/CVE-2018-9971.json b/2018/9xxx/CVE-2018-9971.json
index 0fa01ad8897..66b26bd058a 100644
--- a/2018/9xxx/CVE-2018-9971.json
+++ b/2018/9xxx/CVE-2018-9971.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "zdi-disclosures@trendmicro.com",
 "ID" : "CVE-2018-9971",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Foxit Reader",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "9.0.1.104"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "Foxit"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,29 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.104. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-5754."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-125-Out-of-bounds Read"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "url" : "https://zerodayinitiative.com/advisories/ZDI-18-355"
 }
 ]
 }
diff --git a/2018/9xxx/CVE-2018-9972.json b/2018/9xxx/CVE-2018-9972.json
index a7c62f33d54..1e41d924498 100644
--- a/2018/9xxx/CVE-2018-9972.json
+++ b/2018/9xxx/CVE-2018-9972.json
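Review bot: The affected version added to CVE-2018-9971.json reads `9.0.1.104`, both in `version_value` (first hunk) and in the description sentence (second hunk), while the other 9.0.1.x records in this diff all give `9.0.1.1049`; it looks like a truncated build number and should be checked against the ZDI-18-355 advisory before publishing. If it is a truncation, the two lines become `"version_value" : "9.0.1.1049"` and `...vulnerable installations of Foxit Reader 9.0.1.1049.` This matters to consumers of the record because scanners and asset inventories that match on `version_value` would not flag the affected build.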
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "zdi-disclosures@trendmicro.com",
 "ID" : "CVE-2018-9972",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Foxit Reader",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "9.0.1.1049"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "Foxit"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,29 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-5755."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-125-Out-of-bounds Read"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "url" : "https://zerodayinitiative.com/advisories/ZDI-18-356"
 }
 ]
 }
diff --git a/2018/9xxx/CVE-2018-9973.json b/2018/9xxx/CVE-2018-9973.json
index 652a2a5b724..57b12eb8e86 100644
--- a/2018/9xxx/CVE-2018-9973.json
+++ b/2018/9xxx/CVE-2018-9973.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "zdi-disclosures@trendmicro.com",
 "ID" : "CVE-2018-9973",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Foxit Reader",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "9.0.1.1049"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "Foxit"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,29 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ePub files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-5758."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-125-Out-of-bounds Read"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "url" : "https://zerodayinitiative.com/advisories/ZDI-18-357"
 }
 ]
 }
diff --git a/2018/9xxx/CVE-2018-9974.json b/2018/9xxx/CVE-2018-9974.json
index a3fb0412092..9a25a1540c6 100644
--- a/2018/9xxx/CVE-2018-9974.json
+++ b/2018/9xxx/CVE-2018-9974.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "zdi-disclosures@trendmicro.com",
 "ID" : "CVE-2018-9974",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Foxit Reader",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "9.0.1.1049"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "Foxit"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,29 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-5895."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-122-Heap-based Buffer Overflow"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "url" : "https://zerodayinitiative.com/advisories/ZDI-18-358"
 }
 ]
 }
diff --git a/2018/9xxx/CVE-2018-9975.json b/2018/9xxx/CVE-2018-9975.json
index af8e1ca6d38..dd2f575279b 100644
--- a/2018/9xxx/CVE-2018-9975.json
+++ b/2018/9xxx/CVE-2018-9975.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "zdi-disclosures@trendmicro.com",
 "ID" : "CVE-2018-9975",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Foxit Reader",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "9.0.1.1049"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "Foxit"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,29 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of shift events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5762."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-416-Use After Free"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "url" : "https://zerodayinitiative.com/advisories/ZDI-18-359"
 }
 ]
 }
diff --git a/2018/9xxx/CVE-2018-9976.json b/2018/9xxx/CVE-2018-9976.json
index ed86e7b641a..7f6c6fc2194 100644
--- a/2018/9xxx/CVE-2018-9976.json
+++ b/2018/9xxx/CVE-2018-9976.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "zdi-disclosures@trendmicro.com",
 "ID" : "CVE-2018-9976",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Foxit Reader",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "9.0.0.29935"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "Foxit"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,29 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of Texture objects in U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5425."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-125-Out-of-bounds Read"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "url" : "https://zerodayinitiative.com/advisories/ZDI-18-374"
 }
 ]
 }
diff --git a/2018/9xxx/CVE-2018-9977.json b/2018/9xxx/CVE-2018-9977.json
index 24a63cfcb3c..3b7315f0a13 100644
--- a/2018/9xxx/CVE-2018-9977.json
+++ b/2018/9xxx/CVE-2018-9977.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "zdi-disclosures@trendmicro.com",
 "ID" : "CVE-2018-9977",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Foxit Reader",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "9.0.0.29935"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "Foxit"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,29 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of Modifier Chain objects in U3D files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5427."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-416-Use After Free"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "url" : "https://zerodayinitiative.com/advisories/ZDI-18-375"
 }
 ]
 }
diff --git a/2018/9xxx/CVE-2018-9978.json b/2018/9xxx/CVE-2018-9978.json
index 288d748d523..32dbcd04ed8 100644
--- a/2018/9xxx/CVE-2018-9978.json
+++ b/2018/9xxx/CVE-2018-9978.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "zdi-disclosures@trendmicro.com",
 "ID" : "CVE-2018-9978",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Foxit Reader",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "9.0.0.29935"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "Foxit"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,29 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the context process. Was ZDI-CAN-5428."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-125-Out-of-bounds Read"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "url" : "https://zerodayinitiative.com/advisories/ZDI-18-376"
 }
 ]
 }
diff --git a/2018/9xxx/CVE-2018-9979.json b/2018/9xxx/CVE-2018-9979.json
index 3a7d7ce70d9..193a5c17a3d 100644
--- a/2018/9xxx/CVE-2018-9979.json
+++ b/2018/9xxx/CVE-2018-9979.json
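Review bot: The description added in the second hunk of CVE-2018-9978.json ends with "execute code in the context of the context process", which reads as a slip for "current process", the wording the sibling out-of-bounds-read records in this diff (for example CVE-2018-9979) use. The same phrase appears in the description added to CVE-2018-9983.json. The suggested tail for both values is `to execute code in the context of the current process.`, so that text matching and de-duplication across these records behave consistently.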
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "zdi-disclosures@trendmicro.com",
 "ID" : "CVE-2018-9979",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Foxit Reader",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "9.0.0.29935"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "Foxit"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,29 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of Texture Continuation objects in U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5429."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-125-Out-of-bounds Read"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "url" : "https://zerodayinitiative.com/advisories/ZDI-18-377"
 }
 ]
 }
diff --git a/2018/9xxx/CVE-2018-9980.json b/2018/9xxx/CVE-2018-9980.json
index 4338354092c..31619f6f5d8 100644
--- a/2018/9xxx/CVE-2018-9980.json
+++ b/2018/9xxx/CVE-2018-9980.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "zdi-disclosures@trendmicro.com",
 "ID" : "CVE-2018-9980",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Foxit Reader",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "9.0.0.29935"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "Foxit"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,29 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5430."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-125-Out-of-bounds Read"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "url" : "https://zerodayinitiative.com/advisories/ZDI-18-378"
 }
 ]
 }
diff --git a/2018/9xxx/CVE-2018-9981.json b/2018/9xxx/CVE-2018-9981.json
index f5daae39feb..d2f47e59f57 100644
--- a/2018/9xxx/CVE-2018-9981.json
+++ b/2018/9xxx/CVE-2018-9981.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "zdi-disclosures@trendmicro.com",
 "ID" : "CVE-2018-9981",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Foxit Reader",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "9.0.0.29935"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "Foxit"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,29 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5431."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-824-Access of Uninitialized Pointer"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "url" : "https://zerodayinitiative.com/advisories/ZDI-18-379"
 }
 ]
 }
diff --git a/2018/9xxx/CVE-2018-9982.json b/2018/9xxx/CVE-2018-9982.json
index 949575f7c5f..da2cf2b767c 100644
--- a/2018/9xxx/CVE-2018-9982.json
+++ b/2018/9xxx/CVE-2018-9982.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "zdi-disclosures@trendmicro.com",
 "ID" : "CVE-2018-9982",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Foxit Reader",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "9.0.0.29935"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "Foxit"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,29 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the Texture Width in U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5483."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-787-Out-of-bounds Write"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "url" : "https://zerodayinitiative.com/advisories/ZDI-18-380"
 }
 ]
 }
diff --git a/2018/9xxx/CVE-2018-9983.json b/2018/9xxx/CVE-2018-9983.json
index 4c437568b9e..6c4455d0d24 100644
--- a/2018/9xxx/CVE-2018-9983.json
+++ b/2018/9xxx/CVE-2018-9983.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "zdi-disclosures@trendmicro.com",
 "ID" : "CVE-2018-9983",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Foxit Reader",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "9.0.0.29935"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "Foxit"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,29 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the context process. Was ZDI-CAN-5494."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-125-Out-of-bounds Read"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "url" : "https://zerodayinitiative.com/advisories/ZDI-18-381"
 }
 ]
 }
diff --git a/2018/9xxx/CVE-2018-9984.json b/2018/9xxx/CVE-2018-9984.json
index 561450dd080..b5dd2bc13d3 100644
--- a/2018/9xxx/CVE-2018-9984.json
+++ b/2018/9xxx/CVE-2018-9984.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "zdi-disclosures@trendmicro.com",
 "ID" : "CVE-2018-9984",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Foxit Reader",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "9.0.0.29935"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "Foxit"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,29 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of Texture Image Channels objects in U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5495."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-125-Out-of-bounds Read"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "url" : "https://zerodayinitiative.com/advisories/ZDI-18-382"
 }
 ]
 }