Lucene search
PRIOn knowledge basePRION:CVE-2020-15638HistoryAug 20, 2020 - 1:17 a.m.
Type confusion
2020-08-2001:17:00
PRIOn knowledge base
www.prio-n.com
6
0.001 Low
EPSS
Percentile
51.1%
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.2.29539. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the NodeProperties::InferReceiverMapsUnsafe method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-10950.
| CPE | Name | Operator | Version |
|---|---|---|---|
| phantompdf | le | 10.0.0.35798 | |
| reader | le | 10.0.0.35798 |
Related
cvelist
cvelist
CVE-2020-15638
2020-08-19 20:55:29
nvd
nvd
CVE-2020-15638
2020-08-20 01:17:13
zdi
zdi
Foxit PhantomPDF JSCreate Type Confusion Remote Code Execution Vulnerability
2020-08-04 00:00:00
cve
cve
CVE-2020-15638
2020-08-20 01:17:13
nessus
nessus
Foxit Reader < 10.0.1 Multiple Vulnerabilities
2020-08-04 00:00:00
Foxit PhantomPDF < 9.7.3 Multiple Vulnerabilities
2020-09-11 00:00:00
Foxit PhantomPDF < 10.0.1 Multiple Vulnerabilities
2020-08-04 00:00:00
kaspersky
kaspersky
KLA11922 Multiple vulnerabilities in Foxit Reader
2020-07-31 00:00:00