virus logo FortiClient Vulnerability

Vulnerability CVE-2020-15637 for Foxit PhantomPDF

description-logoDescription

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the SetLocalDescription method. By performing actions in JavaScript, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-10972.

affected-products-logoAffected Applications

Foxit PhantomPDF

CVE References

CVE-2020-15637

Other References

https://www.foxit.com/support/security-bulletins.html
ID 70619
Created Feb 02, 2022
Description
Updated		 Feb 16, 2022
Risk black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon
Coverage FortiClient
OS Windows
Vendor Foxit
Patch manual
Application Foxit PhantomPDF