Hemidallt

**Name of the Vulnerable Software and Affected Versions** Foxit Reader version 2019.010.20098 **Description** This issue allows remote attackers to disclose sensitive information on vulnerable installations. User interaction is required, where the target must visit a malicious page or open a malicious file. The flaw exists within the `removeField` method when processing AcroForms, resulting from the lack of validating the existence of an object prior to performing operations on it. An attacker can leverage this, in conjunction with other issues, to execute code in the context of the current process. **Recommendations** For Foxit Reader version 2019.010.20098, consider disabling the `removeField` method when processing AcroForms as a temporary workaround until a patch is available. Restrict access to malicious pages or files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Foxit Reader version 9.4.1.16828 **Description** This issue allows remote attackers to disclose sensitive information on vulnerable installations. User interaction is required, where the target must visit a malicious page or open a malicious file. The flaw exists within the `removeField` method when processing AcroForms, resulting from the lack of validating the existence of an object prior to performing operations on it. An attacker can leverage this, in conjunction with other issues, to execute code in the context of the current process. **Recommendations** For Foxit Reader version 9.4.1.16828, consider disabling the `removeField` method when processing AcroForms as a temporary workaround until a patch is available. Restrict access to malicious pages or files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Foxit Reader version 9.4.1.16828 **Description** This issue allows remote attackers to execute arbitrary code on vulnerable installations. User interaction is required, where the target must visit a malicious page or open a malicious file. The flaw exists within the `removeField` method when processing AcroForms, due to the lack of validating the existence of an object prior to performing operations on it. An attacker can leverage this to execute code in the context of the current process. **Recommendations** For Foxit Reader version 9.4.1.16828, as a temporary workaround, consider disabling the `removeField` method when processing AcroForms until a patch is available. Restrict access to malicious pages or files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Foxit Reader version 9.4.1.16828 **Description** This issue allows remote attackers to execute arbitrary code on vulnerable installations. User interaction is required, where the target must visit a malicious page or open a malicious file. The flaw exists within the `removeField` method when processing AcroForms, due to the lack of validating the existence of an object prior to performing operations on it. An attacker can leverage this to execute code in the context of the current process. **Recommendations** For Foxit Reader version 9.4.1.16828, as a temporary workaround, consider disabling the `removeField` method when processing AcroForms until a patch is available. Restrict access to malicious pages or files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Foxit Reader version 9.4.1.16828 **Description** This issue allows remote attackers to execute arbitrary code on vulnerable installations. User interaction is required, where the target must visit a malicious page or open a malicious file. The flaw exists within the `removeField` method when processing AcroForms, due to the lack of validating the existence of an object prior to performing operations on it. An attacker can leverage this to execute code in the context of the current process. **Recommendations** For Foxit Reader version 9.4.1.16828, as a temporary workaround, consider disabling the `removeField` method when processing AcroForms until a patch is available. Restrict access to malicious pages or files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Foxit Reader version 9.4.1.16828 **Description** This issue allows remote attackers to disclose sensitive information on vulnerable installations. User interaction is required, where the target must visit a malicious page or open a malicious file. The flaw exists within the `resetForm` method when processing AcroForms, resulting from the lack of validating the existence of an object prior to performing operations on it. An attacker can leverage this, in conjunction with other issues, to execute code in the context of the current process. **Recommendations** For Foxit Reader version 9.4.1.16828, consider disabling the `resetForm` method when processing AcroForms as a temporary workaround until a patch is available. Restrict access to malicious pages or files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Foxit Reader version 2019.010.20098 **Description** This issue allows remote attackers to disclose sensitive information on vulnerable installations. User interaction is required, where the target must visit a malicious page or open a malicious file. The flaw exists within the handling of the `value` property of a `Field` object within AcroForms, resulting from the lack of validation of an object's existence prior to performing operations on it. An attacker can leverage this, in conjunction with other issues, to execute code in the context of the current process. **Recommendations** For Foxit Reader version 2019.010.20098, update to a version that fixes this issue to prevent exploitation. As a temporary workaround, consider restricting the use of AcroForms or the handling of the `value` property of `Field` objects until a patch is available. Avoid opening malicious files or visiting suspicious pages to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 72.0.3626.81 **Description** The issue is related to insufficient input validation in the WebGL component of Google Chrome, allowing a remote attacker to perform an out of bounds memory read via a crafted HTML page. This can enable the attacker to read data beyond buffer boundaries. The exploitation of this issue may allow a remote attacker to overwrite arbitrary files in the target directory. **Recommendations** For Google Chrome versions prior to 72.0.3626.81, update to version 72.0.3626.81 or later to resolve the issue.