ZDI-23-1875: Foxit PDF Reader AcroForm Out-Of-Bounds Read Information Disclosure Vulnerability | allinfosecnews.com

Dec. 20, 2023, 6 a.m. |

ZDI: Published Advisories www.zerodayinitiative.com

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2023-51562.

attackers cves cvss disclosure exploit file foxit information information disclosure information disclosure vulnerability malicious out-of-bounds page pdf pdf reader rating reader sensitive sensitive information target vulnerability zdi

More from www.zerodayinitiative.com / ZDI: Published Advisories

ZDI-24-439: Microsoft Windows Bluetooth AVDTP Protocol Integer Underflow Remote Code Execution Vulnerability 2 days, 13 hours ago | www.zerodayinitiative.com

arbitrary code attackers bluetooth code +20

ZDI-24-438: Dassault Systèmes eDrawings Viewer DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability 2 days, 13 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +16

ZDI-24-437: Dassault Systèmes eDrawings Viewer DXF File Parsing Type Confusion Remote Code Execution Vulnerability 2 days, 13 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +15

ZDI-24-436: Dassault Systèmes eDrawings Viewer DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability 2 days, 13 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +16

ZDI-24-435: Dassault Systèmes eDrawings Viewer DXF File Parsing Type Confusion Remote Code Execution Vulnerability 2 days, 13 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +15

ZDI-24-434: Dassault Systèmes eDrawings Viewer SAT File Parsing Uninitialized Variable Remote Code Execution Vulnerability 2 days, 13 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +16

ZDI-24-433: Dassault Systèmes eDrawings Viewer DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability 2 days, 13 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +16

ZDI-24-432: Dassault Systèmes eDrawings Viewer JT File Parsing Memory Corruption Remote Code Execution Vulnerability 2 days, 13 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +17

ZDI-24-431: Dassault Systèmes eDrawings Viewer DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability 2 days, 13 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +16

Network Security Tools Engineer / Systems Engineer

@ Node.Digital | Arlington, Virginia, United States

View on infosec-jobs.com

Scrum Master II - Global Information Security PMO

@ Marriott International | Bethesda, MD, United States

View on infosec-jobs.com

Principle Security Incident Response Analyst

@ Oracle | United States

View on infosec-jobs.com

Cyber Network Engineer

@ Peraton | Aberdeen Proving Ground, MD, United States

View on infosec-jobs.com

Red Team Operator: Assessments & Exercises Vice President

@ JPMorgan Chase & Co. | Columbus, OH, United States

View on infosec-jobs.com

Cybersecurity Undergraduate - Internship

@ esure Group | Reigate, United Kingdom

View on infosec-jobs.com