Mat Powell

**Name of the Vulnerable Software and Affected Versions** Foxit PDF Reader (affected versions not specified) **Description** A memory corruption issue exists in the way Foxit PDF Reader handles 3D annotations. This is due to inadequate bounds checking when processing U3D data. Opening a PDF file with improperly formed or specifically designed PRC content can lead to out-of-bounds memory access and subsequent memory corruption. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Foxit PDF Reader (affected versions not specified) **Description** A memory corruption issue exists in the way Foxit PDF Reader handles 3D annotations. This is due to inadequate bounds checking when processing PRC data. Opening a PDF file with improperly formed or crafted PRC content can lead to out-of-bounds memory access and subsequent memory corruption. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Foxit PDF Reader (affected versions not specified) **Description** A memory corruption issue exists in the way Foxit PDF Reader processes 3D annotations. This is due to inadequate checks on the size of data when handling PRC data. Opening a PDF file with incorrectly formatted or crafted PRC content can lead to memory corruption because of out-of-bounds memory access. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** pdfforge PDF Architect (affected versions not specified) **Description** A flaw exists in the parsing of PDF files within pdfforge PDF Architect, stemming from insufficient validation of user-supplied data. This can lead to a memory corruption condition, potentially allowing a remote attacker to execute arbitrary code. User interaction is required, such as visiting a malicious page or opening a malicious file, to trigger exploitation. The issue was identified as ZDI-CAN-27902. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** pdfforge PDF Architect (affected versions not specified) **Description** A flaw exists in the parsing of PDF files within pdfforge PDF Architect. Insufficient validation of user-supplied data can lead to a read past the end of an allocated object, potentially disclosing sensitive information. An attacker can exploit this issue if a user visits a malicious page or opens a malicious file. This could be leveraged with other issues to execute code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Foxit PDF Reader (affected versions not specified) **Description** This issue allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this, as the target must visit a malicious page or open a malicious file. The flaw exists within the parsing of PRC files due to a lack of proper validation of user-supplied data, resulting in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Foxit PDF Reader (affected versions not specified) **Description** A flaw exists in the parsing of PRC files due to insufficient validation of user-supplied data, leading to a read past the end of an allocated buffer. An attacker can leverage this to execute code within the context of the current process. User interaction is required, specifically the target must visit a malicious page or open a malicious file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Foxit PDF Reader (affected versions not specified) **Description** Foxit PDF Reader contains a flaw in the parsing of PRC files due to insufficient validation of user-supplied data. This can lead to a read past the end of an allocated buffer, potentially allowing a remote attacker to execute arbitrary code within the context of the current process. User interaction is required, specifically, a user must visit a malicious page or open a malicious file to trigger the issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Foxit PDF Reader (affected versions not specified) Foxit PDF Editor (affected versions not specified) **Description** The software contains a flaw in the parsing of PRC files, leading to an out-of-bounds read. Exploitation of this issue could allow a remote attacker to execute arbitrary code on affected systems. User interaction is required, specifically the need for a user to open a malicious file or visit a malicious page. The issue stems from insufficient validation of user-supplied data during PRC file parsing, resulting in a read past the end of an allocated buffer. An attacker can potentially leverage this to execute code within the context of the current process. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Foxit PDF Reader (affected versions not specified) **Description** A flaw exists within the parsing of PRC files due to a lack of proper validation of user-supplied data, resulting in a read past the end of an allocated object. This can allow remote attackers to disclose sensitive information on affected installations. User interaction is required to exploit this issue; the target must visit a malicious page or open a malicious file. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Foxit PDF Reader (affected versions not specified) **Description** A flaw exists within the parsing of PRC files due to a lack of proper validation of user-supplied data, resulting in a read past the end of an allocated buffer. This can allow remote attackers to disclose sensitive information on affected installations. User interaction is required to exploit this issue, as the target must visit a malicious page or open a malicious file. An attacker could potentially leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: PDF-XChange Editor (affected versions not specified) Description: This issue allows remote attackers to disclose sensitive information on affected installations. It requires user interaction, such as visiting a malicious page or opening a malicious file. The flaw exists within the parsing of PRC files due to the lack of proper validation of user-supplied data, resulting in a read past the end of an allocated object. This can be leveraged in conjunction with other issues to execute arbitrary code in the context of the current process. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: PDF-XChange Editor (affected versions not specified) Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a malicious file. The flaw exists within the parsing of U3D files due to the lack of validating the existence of an object prior to performing operations on it. An attacker can leverage this to execute code in the context of the current process. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: PDF-XChange Editor (affected versions not specified) Description: This issue allows remote attackers to disclose sensitive information on affected installations. It requires user interaction, such as visiting a malicious page or opening a malicious file. The flaw exists within the parsing of U3D files due to the lack of validation of an object's existence before performing operations on it. This can be leveraged, in conjunction with other issues, to execute arbitrary code in the context of the current process. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: PDF-XChange Editor (affected versions not specified) Description: This issue allows remote attackers to disclose sensitive information on affected installations. It requires user interaction, such as visiting a malicious page or opening a malicious file. The flaw exists within the parsing of U3D files due to the lack of proper validation of user-supplied data, resulting in a read past the end of an allocated object. This can be leveraged to execute arbitrary code in the context of the current process. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: PDF-XChange Editor (affected versions not specified) Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a malicious file. The flaw exists within the parsing of U3D files due to the lack of proper validation of user-supplied data, resulting in a write past the end of an allocated object. An attacker can leverage this to execute code in the context of the current process. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: PDF-XChange Editor (affected versions not specified) Description: This issue allows remote attackers to disclose sensitive information on affected installations. It requires user interaction, such as visiting a malicious page or opening a malicious file. The flaw exists within the parsing of U3D files due to the lack of proper validation of user-supplied data, resulting in a read past the end of an allocated buffer. An attacker can leverage this, potentially in conjunction with other issues, to execute arbitrary code in the context of the current process. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: PDF-XChange Editor (affected versions not specified) Description: This issue allows remote attackers to disclose sensitive information on affected installations. It requires user interaction, such as visiting a malicious page or opening a malicious file. The flaw exists within the parsing of U3D files due to the lack of proper validation of user-supplied data, resulting in a read past the end of an allocated object. This can be leveraged to execute arbitrary code in the context of the current process. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: PDF-XChange Editor (affected versions not specified) Description: This issue allows remote attackers to disclose sensitive information on affected installations. It requires user interaction, such as visiting a malicious page or opening a malicious file. The flaw exists within the parsing of U3D files due to the lack of proper validation of user-supplied data, resulting in a read past the end of an allocated object. This can be leveraged in conjunction with other issues to execute arbitrary code in the context of the current process. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: PDF-XChange Editor (affected versions not specified) Description: This issue allows remote attackers to disclose sensitive information on affected installations. It requires user interaction, such as visiting a malicious page or opening a malicious file. The flaw exists within the parsing of U3D files due to the lack of proper validation of user-supplied data, resulting in a read past the end of an allocated object. This can be leveraged to execute arbitrary code in the context of the current process. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.