Oiax

**Name of the Vulnerable Software and Affected Versions** Foxit Reader version 9.0.1.1049 **Description** This issue allows remote attackers to execute arbitrary code on vulnerable installations. User interaction is required, where the target must visit a malicious page or open a malicious file. The flaw exists within ConvertToPDF x86.dll due to the lack of proper validation of user-supplied data, resulting in a write past the end of an allocated object. An attacker can leverage this to execute code in the context of the current process. **Recommendations** For Foxit Reader version 9.0.1.1049, consider disabling the ConvertToPDF x86.dll module as a temporary workaround until a patch is available. Restrict access to potentially malicious files and web pages to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Foxit Reader version 9.0.1.1049 **Description** This issue allows remote attackers to disclose sensitive information on vulnerable installations. User interaction is required, where the target must visit a malicious page or open a malicious file. The flaw exists within ConvertToPDF x86.dll due to the lack of proper validation of user-supplied data, resulting in a read past the end of an allocated object. An attacker can leverage this, in conjunction with other issues, to execute arbitrary code in the context of the current process. **Recommendations** For Foxit Reader version 9.0.1.1049, consider disabling the ConvertToPDF x86.dll module as a temporary workaround until a patch is available. Restrict access to potentially malicious files and web pages to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Foxit Reader version 9.0.1.1049 **Description** This issue allows remote attackers to disclose sensitive information on vulnerable installations. User interaction is required, where the target must visit a malicious page or open a malicious file. The flaw exists within ConvertToPDF x86.dll due to the lack of proper validation of user-supplied data, resulting in a read past the end of an allocated object. An attacker can leverage this, in conjunction with other issues, to execute arbitrary code in the context of the current process. **Recommendations** For Foxit Reader version 9.0.1.1049, consider disabling the ConvertToPDF x86.dll module as a temporary workaround until a patch is available. Restrict access to potentially malicious files and web pages to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Foxit Reader version 9.0.1.1049 **Description** This issue allows remote attackers to disclose sensitive information on vulnerable installations. User interaction is required, where the target must visit a malicious page or open a malicious file. The flaw exists within the parsing of JPEG2000 images due to the lack of proper validation of user-supplied data, resulting in a read past the end of an allocated object. An attacker can leverage this, in conjunction with other issues, to execute code in the context of the current process. **Recommendations** For Foxit Reader version 9.0.1.1049, consider updating to a newer version that addresses this issue, as no specific workaround is provided for this version. As a temporary measure, avoid opening suspicious files or visiting untrusted websites to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Foxit Reader version 9.0.1.104 **Description** This issue allows remote attackers to disclose sensitive information on vulnerable installations. User interaction is required, where the target must visit a malicious page or open a malicious file. The flaw exists within `ConvertToPDF x86.dll` due to the lack of proper validation of user-supplied data, resulting in a read past the end of an allocated object. An attacker can leverage this, in conjunction with other issues, to execute arbitrary code in the context of the current process. **Recommendations** For Foxit Reader version 9.0.1.104, consider disabling the `ConvertToPDF x86.dll` until a patch is available to prevent exploitation. Restrict access to potentially malicious files or web pages to minimize the risk of sensitive information disclosure.

**Name of the Vulnerable Software and Affected Versions** Foxit Reader version 9.0.1.1049 **Description** This issue allows remote attackers to disclose sensitive information on vulnerable installations. User interaction is required, where the target must visit a malicious page or open a malicious file. The flaw exists within ConvertToPDF x86.dll due to the lack of proper validation of user-supplied data, resulting in a read past the end of an allocated object. An attacker can leverage this, in conjunction with other issues, to execute arbitrary code in the context of the current process. **Recommendations** For Foxit Reader version 9.0.1.1049, consider disabling the ConvertToPDF x86.dll module as a temporary workaround until a patch is available. Restrict access to potentially malicious files and web pages to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Foxit Reader version 8.3.1.21155 **Description** This issue allows remote attackers to disclose sensitive information on vulnerable installations. User interaction is required, where the target must visit a malicious page or open a malicious file. The flaw exists within the parsing of JPEG2000 images embedded in PDF files due to the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated object, potentially allowing an attacker to execute code in the context of the current process when combined with other vulnerabilities. **Recommendations** For Foxit Reader version 8.3.1.21155, consider disabling the parsing of JPEG2000 images embedded in PDF files as a temporary workaround until a patch is available. Restrict access to malicious pages or files to minimize the risk of exploitation.