EXODUS BLOG

Month: August 2021

Foxit PhantomPDF ConvertToPDF Arbitrary File Write Remote Code Execution Vulnerability

AUGUST 24, 2021

EIP-884255a1 The vulnerability exists within an RPC interface listening on TCP port 6000, exposed by Foxit PhantomPDF. The ConvertToPDF method of the Creator object does not properly validate the bstrDestPathName argument, allowing arbitrary files...

Foxit PhantomPDF CombineFiles Arbitrary File Write Remote Code Execution Vulnerability

AUGUST 24, 2021

EIP-adf3136a The vulnerability exists within an RPC interface listening on TCP port 6000, exposed by Foxit PhantomPDF. The CombineFiles method of the Creator object does not properly validate the DestPDFFile argument, allowing arbitrary files...

Foxit PhantomPDF ConnectedPDF DocSearch_Locator_Table SQL Injection Remote Code Execution Vulnerability

AUGUST 24, 2021

EIP-68b878c6 The vulnerability exists within the ConnectedPDF service, implemented by the FoxitPhantomConnectedPDFService.exe binary. The service listens for connections on TCP port 44440 on localhost and fails to sanitize input data before using it to...

Foxit PhantomPDF ConnectedPDF ConnectedPDF_DRM_Table SQL Injection Remote Code Execution Vulnerability

AUGUST 24, 2021

EIP-962d432f The vulnerability exists within the ConnectedPDF service, implemented by the FoxitPhantomConnectedPDFService.exe binary. The service listens for connections on TCP port 44440 on localhost and fails to sanitize input data before using it to...

Foxit PhantomPDF ConnectedPDF DocUpdate_Notify_Table SQL Injection Remote Code Execution Vulnerability

AUGUST 24, 2021

EIP-6eceec3d The vulnerability exists within the ConnectedPDF service, implemented by the FoxitPhantomConnectedPDFService.exe binary. The service listens for connections on TCP port 44440 on localhost and fails to sanitize input data before using it to...

Foxit PhantomPDF extractPages Arbitrary File Write Remote Code Execution Vulnerability

AUGUST 24, 2021

EIP-a5cba843 The vulnerability exists within the JavaScript PDF API exposed by Foxit PhantomPDF. The extractPages method of the Document object does not properly validate the export path argument, allowing arbitrary files to be written...

Foxit PhantomPDF loadHtmlView Context Level Bypass Vulnerability

AUGUST 23, 2021

EIP-617871b4 The vulnerability exists within the JavaScript PDF API exposed by Foxit PhantomPDF. The loadHtmlView method of the app object invokes attacker-controlled JavaScript code in a privileged context. An attacker can create a specially...

Vulnerability Development Courses for 2021

AUGUST 16, 2021

UPDATE: Postponed. Unfortunately due to travel restrictions related to COVID we will be postponing these trainings until February 14, 2022. We are contacting current registered students and giving them the option of a refund...

Analysis of a Heap Buffer-Overflow Vulnerability in Microsoft Windows Address Book

AUGUST 5, 2021

By Eneko Cruz Elejalde Overview This post analyzes a heap-buffer overflow in Microsoft Windows Address Book. Microsoft released an advisory for this vulnerability for the 2021 February patch Tuesday. This post will go into...