Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-7956

Summary
Assigner-adobe
Assigner Org ID-078d4453-3bcd-4900-85e6-15281da43538
Published At-18 Jul, 2019 | 21:47
Updated At-04 Aug, 2024 | 21:02
Rejected At-
Credits

Adobe Dreamweaver direct download installer versions 19.0 and below, 18.0 and below have an Insecure Library Loading (DLL hijacking) vulnerability. Successful exploitation could lead to Privilege Escalation in the context of the current user.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:adobe
Assigner Org ID:078d4453-3bcd-4900-85e6-15281da43538
Published At:18 Jul, 2019 | 21:47
Updated At:04 Aug, 2024 | 21:02
Rejected At:
▼CVE Numbering Authority (CNA)

Adobe Dreamweaver direct download installer versions 19.0 and below, 18.0 and below have an Insecure Library Loading (DLL hijacking) vulnerability. Successful exploitation could lead to Privilege Escalation in the context of the current user.

Affected Products
Vendor
n/a
Product
Adobe Dreamweaver
Versions
Affected
  • Adobe Dreamweaver?direct download installer version 19.0 and below, 18.0 and below
Problem Types
TypeCWE IDDescription
textN/AInsecure Library Loading (DLL hijacking)?
Type: text
CWE ID: N/A
Description: Insecure Library Loading (DLL hijacking)?
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://helpx.adobe.com/security/products/dreamweaver/apsb19-40.html
x_refsource_MISC
Hyperlink: https://helpx.adobe.com/security/products/dreamweaver/apsb19-40.html
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://helpx.adobe.com/security/products/dreamweaver/apsb19-40.html
x_refsource_MISC
x_transferred
Hyperlink: https://helpx.adobe.com/security/products/dreamweaver/apsb19-40.html
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@adobe.com
Published At:18 Jul, 2019 | 22:15
Updated At:21 Jul, 2021 | 11:39

Adobe Dreamweaver direct download installer versions 19.0 and below, 18.0 and below have an Insecure Library Loading (DLL hijacking) vulnerability. Successful exploitation could lead to Privilege Escalation in the context of the current user.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.07.8HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.0
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches

Adobe Inc.
adobe
>>dreamweaver>>Versions up to 19.0(inclusive)
cpe:2.3:a:adobe:dreamweaver:*:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows>>-
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-427Primarynvd@nist.gov
CWE ID: CWE-427
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://helpx.adobe.com/security/products/dreamweaver/apsb19-40.htmlpsirt@adobe.com
Vendor Advisory
Hyperlink: https://helpx.adobe.com/security/products/dreamweaver/apsb19-40.html
Source: psirt@adobe.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

2613Records found

CVE-2019-1457
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-5.72% / 90.09%
||
7 Day CHG~0.00%
Published-12 Nov, 2019 | 18:53
Updated-04 Aug, 2024 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A security feature bypass vulnerability exists in Microsoft Office software by not enforcing macro settings on an Excel document, aka 'Microsoft Office Excel Security Feature Bypass'.

Action-Not Available
Vendor-Microsoft Corporation
Product-officeMicrosoft Office
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2021-36013
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-3.3||LOW
EPSS-3.13% / 86.35%
||
7 Day CHG~0.00%
Published-23 Aug, 2021 | 22:36
Updated-23 Apr, 2025 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Media Encoder VOB File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

Adobe Media Encoder version 15.2 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.
Product-media_encoderMedia Encoder
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-35983
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-56.84% / 98.04%
||
7 Day CHG~0.00%
Published-20 Aug, 2021 | 18:10
Updated-17 Sep, 2024 | 00:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Acrobat Reader DC AcroForm Use-After-Free Remote Code Execution Vulnerability

Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Use-after-free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.
Product-acrobat_dcacrobat_reader_dcAcrobat Reader
CWE ID-CWE-416
Use After Free
CVE-2021-27270
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-2.96% / 85.96%
||
7 Day CHG~0.00%
Published-30 Mar, 2021 | 14:35
Updated-03 Aug, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPEG2000 images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12230.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfwindowsfoxit_readerPhantomPDF
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-1456
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-19.02% / 95.09%
||
7 Day CHG~0.00%
Published-12 Nov, 2019 | 18:53
Updated-04 Aug, 2024 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts, aka 'OpenType Font Parsing Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1419.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-34963
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-2.33% / 84.22%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 22:54
Updated-13 Aug, 2025 | 15:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Editor PolyLine Annotation Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Editor PolyLine Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14365.

Action-Not Available
Vendor-Foxit Software IncorporatedMicrosoft Corporation
Product-pdf_readerpdf_editorwindowsPDF Editorpdf_editor
CWE ID-CWE-416
Use After Free
CVE-2019-1264
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-7.97% / 91.74%
||
7 Day CHG~0.00%
Published-11 Sep, 2019 | 21:24
Updated-04 Aug, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A security feature bypass vulnerability exists when Microsoft Office improperly handles input, aka 'Microsoft Office Security Feature Bypass Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-officeoffice_365_proplusprojectMicrosoft ProjectMicrosoft OfficeOffice 365 ProPlus
CWE ID-CWE-20
Improper Input Validation
CVE-2019-13320
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.61% / 68.68%
||
7 Day CHG~0.00%
Published-04 Oct, 2019 | 17:37
Updated-04 Aug, 2024 | 23:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8814.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfreaderwindowsReader
CWE ID-CWE-416
Use After Free
CVE-2021-34958
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-2.33% / 84.22%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 22:54
Updated-13 Aug, 2025 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Editor Text Annotation Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Editor Text Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14359.

Action-Not Available
Vendor-Foxit Software IncorporatedMicrosoft Corporation
Product-pdf_readerpdf_editorwindowsPDF Editorphantompdfpdf_editorpdf_reader
CWE ID-CWE-416
Use After Free
CVE-2019-13326
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-3.06% / 86.22%
||
7 Day CHG~0.00%
Published-03 Oct, 2019 | 21:33
Updated-04 Aug, 2024 | 23:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of fields within Acroform objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8864.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-readerwindowsReader
CWE ID-CWE-416
Use After Free
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-12574
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.42% / 61.27%
||
7 Day CHG~0.00%
Published-11 Jul, 2019 | 19:55
Updated-04 Aug, 2024 | 23:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v1.0 for Windows could allow an authenticated, local attacker to run arbitrary code with elevated privileges. The PIA client is vulnerable to a DLL injection vulnerability during the software update process. The updater loads several libraries from a folder that authenticated users have write access to. A low privileged user can leverage this vulnerability to execute arbitrary code as SYSTEM.

Action-Not Available
Vendor-londontrustmedian/aMicrosoft Corporation
Product-private_internet_access_vpn_clientwindowsn/a
CWE ID-CWE-426
Untrusted Search Path
CVE-2019-13315
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.86% / 74.13%
||
7 Day CHG~0.00%
Published-04 Oct, 2019 | 17:37
Updated-04 Aug, 2024 | 23:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8656.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfreaderwindowsReader
CWE ID-CWE-416
Use After Free
CVE-2019-13404
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.12% / 32.33%
||
7 Day CHG~0.00%
Published-08 Jul, 2019 | 00:54
Updated-04 Aug, 2024 | 23:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The MSI installer for Python through 2.7.16 on Windows defaults to the C:\Python27 directory, which makes it easier for local users to deploy Trojan horse code. (This also affects old 3.x releases before 3.5.) NOTE: the vendor's position is that it is the user's responsibility to ensure C:\Python27 access control or choose a different directory, because backwards compatibility requires that C:\Python27 remain the default for 2.7.x

Action-Not Available
Vendor-n/aMicrosoft CorporationPython Software Foundation
Product-windowspythonn/a
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CVE-2019-12807
Matching Score-8
Assigner-KrCERT/CC
ShareView Details
Matching Score-8
Assigner-KrCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.88% / 74.44%
||
7 Day CHG~0.00%
Published-13 Aug, 2019 | 19:22
Updated-04 Aug, 2024 | 23:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Alzip 10.83 and earlier version contains a stack-based buffer overflow vulnerability, caused by improper bounds checking during the parsing of crafted ISO archive file format. By persuading a victim to open a specially-crafted ISO archive file, an attacker could execution arbitrary code.

Action-Not Available
Vendor-estsoftESTSOFTMicrosoft Corporation
Product-alzipwindowsALZIP
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-13316
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.86% / 74.13%
||
7 Day CHG~0.00%
Published-04 Oct, 2019 | 17:35
Updated-04 Aug, 2024 | 23:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Calculate actions. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8757.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfwindowsreaderPhantomPDF
CWE ID-CWE-416
Use After Free
CVE-2019-1259
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-5.04% / 89.34%
||
7 Day CHG~0.00%
Published-11 Sep, 2019 | 21:24
Updated-04 Aug, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests to authorize applications, resulting in cross-site request forgery (CSRF).To exploit this vulnerability, an attacker would need to create a page specifically designed to cause a cross-site request, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1261.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_foundationMicrosoft SharePoint Foundation
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-3297
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-46.44% / 97.58%
||
7 Day CHG~0.00%
Published-14 Sep, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_exploreredgen/a
CVE-2021-34836
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-2.17% / 83.64%
||
7 Day CHG~0.00%
Published-04 Aug, 2021 | 15:16
Updated-04 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14017.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-pdf_readerpdf_editorwindowsPDF Reader
CWE ID-CWE-416
Use After Free
CVE-2019-13324
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-2.84% / 85.69%
||
7 Day CHG~0.00%
Published-03 Oct, 2019 | 21:28
Updated-04 Aug, 2024 | 23:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.909. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of TIFF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8782.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-windowsfoxit_studio_photoStudio Photo
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-34851
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-2.17% / 83.64%
||
7 Day CHG~0.00%
Published-04 Aug, 2021 | 15:16
Updated-04 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14016.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-pdf_readerpdf_editorwindowsPDF Reader
CWE ID-CWE-416
Use After Free
CVE-2019-12806
Matching Score-8
Assigner-KrCERT/CC
ShareView Details
Matching Score-8
Assigner-KrCERT/CC
CVSS Score-8.8||HIGH
EPSS-4.05% / 88.07%
||
7 Day CHG~0.00%
Published-13 Aug, 2019 | 19:10
Updated-04 Aug, 2024 | 23:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

UniSign 2.0.4.0 and earlier version contains a stack-based buffer overflow vulnerability which can overwrite the stack with arbitrary data, due to a buffer overflow in a library. That leads remote attacker to execute arbitrary code via crafted https packets.

Action-Not Available
Vendor-crosscertCROSSCERTMicrosoft Corporation
Product-windowsunisignUniSign
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-13330
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.12% / 32.05%
||
7 Day CHG~0.00%
Published-03 Oct, 2019 | 21:33
Updated-04 Aug, 2024 | 23:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of JPG files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8742.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-readerwindowsReader
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2024-30353
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-2.74% / 85.41%
||
7 Day CHG~0.00%
Published-02 Apr, 2024 | 20:15
Updated-08 Aug, 2025 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Reader AcroForm Out-Of-Bounds Read Remote Code Execution Vulnerability

Foxit PDF Reader AcroForm Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects in AcroForms. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22807.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-windowspdf_readerpdf_editorPDF Readerpdf_readerpdf_editor
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-30346
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-4.23% / 88.33%
||
7 Day CHG~0.00%
Published-02 Apr, 2024 | 20:13
Updated-08 Aug, 2025 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects in AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22745.

Action-Not Available
Vendor-Microsoft CorporationApple Inc.Foxit Software Incorporated
Product-macoswindowspdf_readerpdf_editorPDF Readerpdf_readerpdf_editor
CWE ID-CWE-416
Use After Free
CVE-2024-30354
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-4.23% / 88.33%
||
7 Day CHG~0.00%
Published-02 Apr, 2024 | 20:15
Updated-08 Aug, 2025 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects in AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22808.

Action-Not Available
Vendor-Microsoft CorporationApple Inc.Foxit Software Incorporated
Product-macoswindowspdf_readerpdf_editorPDF Readerpdf_readerpdf_editor
CWE ID-CWE-416
Use After Free
CVE-2024-30357
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-2.37% / 84.35%
||
7 Day CHG~0.00%
Published-02 Apr, 2024 | 20:16
Updated-08 Aug, 2025 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Reader AcroForm Annotation Type Confusion Remote Code Execution Vulnerability

Foxit PDF Reader AcroForm Annotation Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects in AcroForms. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22818.

Action-Not Available
Vendor-Microsoft CorporationApple Inc.Foxit Software Incorporated
Product-macoswindowspdf_readerpdf_editorPDF Readerpdf_readerpdf_editor
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2021-34839
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-2.17% / 83.64%
||
7 Day CHG~0.00%
Published-04 Aug, 2021 | 15:16
Updated-04 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14020.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-pdf_readerpdf_editorwindowsPDF Reader
CWE ID-CWE-416
Use After Free
CVE-2024-30359
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-2.74% / 85.41%
||
7 Day CHG~0.00%
Published-02 Apr, 2024 | 20:17
Updated-08 Aug, 2025 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Reader AcroForm 3D Out-Of-Bounds Read Remote Code Execution Vulnerability

Foxit PDF Reader AcroForm 3D Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of 3D objects in AcroForms. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22888.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-windowspdf_readerpdf_editorPDF Readerpdf_readerpdf_editor
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-13332
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-3.06% / 86.22%
||
7 Day CHG~0.00%
Published-03 Oct, 2019 | 21:33
Updated-04 Aug, 2024 | 23:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of templates in XFA forms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9149.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-readerwindowsReader
CWE ID-CWE-416
Use After Free
CVE-2021-34852
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-2.17% / 83.64%
||
7 Day CHG~0.00%
Published-04 Aug, 2021 | 15:16
Updated-04 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13929.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-pdf_readerpdf_editorwindowsPDF Reader
CWE ID-CWE-416
Use After Free
CVE-2019-13325
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-2.41% / 84.49%
||
7 Day CHG~0.00%
Published-03 Oct, 2019 | 21:28
Updated-04 Aug, 2024 | 23:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.909. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of EPS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8922.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-windowsfoxit_studio_photoStudio Photo
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-30371
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-2.22% / 83.85%
||
7 Day CHG~0.00%
Published-02 Apr, 2024 | 20:28
Updated-08 Aug, 2025 | 18:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23355.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-windowspdf_readerpdf_editorPDF Readerpdf_readerpdf_editor
CWE ID-CWE-416
Use After Free
CVE-2024-30344
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-4.23% / 88.33%
||
7 Day CHG~0.00%
Published-02 Apr, 2024 | 20:12
Updated-08 Aug, 2025 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Acroforms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22733.

Action-Not Available
Vendor-Microsoft CorporationApple Inc.Foxit Software Incorporated
Product-macoswindowspdf_readerpdf_editorPDF Readerpdf_readerpdf_editor
CWE ID-CWE-416
Use After Free
CVE-2019-1200
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-7.37% / 91.35%
||
7 Day CHG~0.00%
Published-14 Aug, 2019 | 20:55
Updated-04 Aug, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Outlook Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user. To exploit the vulnerability, a user must open a specially crafted file with an affected version of Microsoft Outlook software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file. Note that the Preview Pane is not an attack vector for this vulnerability. The security update addresses the vulnerability by correcting how Microsoft Outlook handles files in memory.

Action-Not Available
Vendor-Microsoft Corporation
Product-office_365_proplusoutlookofficeMicrosoft Outlook 2010 Service Pack 2Microsoft Outlook 2013 Service Pack 1Microsoft Outlook 2016Office 365 ProPlusMicrosoft Office 2019
CVE-2024-30333
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-4.23% / 88.33%
||
7 Day CHG~0.00%
Published-03 Apr, 2024 | 16:23
Updated-11 Aug, 2025 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22639.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-pdf_editorpdf_readerwindowsPDF Readerpdf_reader
CWE ID-CWE-416
Use After Free
CVE-2021-34966
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-2.33% / 84.22%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 22:54
Updated-13 Aug, 2025 | 15:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Editor FileAttachment Annotation Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Editor FileAttachment Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14367.

Action-Not Available
Vendor-Foxit Software IncorporatedMicrosoft Corporation
Product-pdf_readerpdf_editorwindowsPDF Editorpdf_editor
CWE ID-CWE-416
Use After Free
CVE-2019-1205
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.8||CRITICAL
EPSS-12.24% / 93.60%
||
7 Day CHG~0.00%
Published-14 Aug, 2019 | 20:55
Updated-04 Aug, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Word Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. The file could then take actions on behalf of the logged-on user with the same permissions as the current user. To exploit the vulnerability, a user must open a specially crafted file with an affected version of Microsoft Word software. Two possible email attack scenarios exist for this vulnerability: With the first email attack scenario, an attacker could send a specially crafted email message to the user and wait for the user to click on the message. When the message renders via Microsoft Word in the Outlook Preview Pane, an attack could be triggered. With the second scenario, an attacker could attach a specially crafted file to an email, send it to a user, and convince them to open it. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or other message, and then convince the user to open the specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Word handles files in memory. For users who view their emails in Outlook, the Preview Pane attack vector can be mitigated by disabling this feature. The following registry keys can be set to disable the Preview Pane in Outlook on Windows, either via manual editing of the registry or by modifying Group Policy. Note Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. For information about how to edit the registry, view the "Changing Keys and Values" Help topic in Registry Editor (Regedit.exe) or view the "Add and Delete Information in the Registry" and "Edit Registry Data" Help topics in Regedt32.exe. Outlook 2010: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Options DWORD: DisableReadingPane Value: 1 Outlook 2013: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Options DWORD: DisableReadingPane Value: 1 Outlook 2016, Outlook 2019, and Office 365 ProPlus: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Options DWORD: DisableReadingPane Value: 1

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serveroffice_365_proplusoffice_online_serverofficeMicrosoft Office Online ServerMicrosoft Office 2016 for MacMicrosoft SharePoint Server 2019Office 365 ProPlusMicrosoft Office 2019Microsoft Office 2019 for Mac
CVE-2024-30365
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-2.22% / 83.85%
||
7 Day CHG~0.00%
Published-02 Apr, 2024 | 20:18
Updated-08 Aug, 2025 | 18:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22947.

Action-Not Available
Vendor-Microsoft CorporationApple Inc.Foxit Software Incorporated
Product-macoswindowspdf_readerpdf_editorPDF Readerpdf_readerpdf_editor
CWE ID-CWE-416
Use After Free
CVE-2024-30345
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-4.23% / 88.33%
||
7 Day CHG~0.00%
Published-02 Apr, 2024 | 20:13
Updated-08 Aug, 2025 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects in AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22742.

Action-Not Available
Vendor-Microsoft CorporationApple Inc.Foxit Software Incorporated
Product-macoswindowspdf_readerpdf_editorPDF Readerpdf_editorpdf_reader
CWE ID-CWE-416
Use After Free
CVE-2016-3356
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-20.51% / 95.34%
||
7 Day CHG~0.00%
Published-14 Sep, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Graphics Device Interface (GDI) in Microsoft Windows 10 1607 allows remote attackers to execute arbitrary code via a crafted document, aka "GDI Remote Code Execution Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_10n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-34957
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-2.33% / 84.22%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 22:54
Updated-13 Aug, 2025 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Editor Highlight Annotation Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Editor Highlight Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14358.

Action-Not Available
Vendor-Foxit Software IncorporatedMicrosoft Corporation
Product-pdf_readerpdf_editorwindowsPDF Editorphantompdfpdf_editorpdf_reader
CWE ID-CWE-416
Use After Free
CVE-2024-30336
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-4.23% / 88.33%
||
7 Day CHG~0.00%
Published-02 Apr, 2024 | 20:10
Updated-07 Aug, 2025 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects in AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22642.

Action-Not Available
Vendor-Foxit Software IncorporatedApple Inc.Microsoft Corporation
Product-macoswindowspdf_editorpdf_readerPDF Readerpdf_readerpdf_editor
CWE ID-CWE-416
Use After Free
CVE-2021-34960
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-2.33% / 84.22%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 22:54
Updated-13 Aug, 2025 | 15:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Editor Circle Annotation Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Editor Circle Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14362.

Action-Not Available
Vendor-Foxit Software IncorporatedMicrosoft Corporation
Product-pdf_readerpdf_editorwindowsPDF Editorphantompdfpdf_editorpdf_reader
CWE ID-CWE-416
Use After Free
CVE-2019-12172
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.94% / 75.29%
||
7 Day CHG~0.00%
Published-17 May, 2019 | 22:30
Updated-04 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Typora 0.9.9.21.1 (1913) allows arbitrary code execution via a modified file: URL syntax in the HREF attribute of an AREA element, as demonstrated by file:\\\ on macOS or Linux, or file://C| on Windows. This is different from CVE-2019-12137.

Action-Not Available
Vendor-typoran/aLinux Kernel Organization, IncApple Inc.Microsoft Corporation
Product-windowstyporalinux_kernelmac_os_xn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-30361
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-4.23% / 88.33%
||
7 Day CHG~0.00%
Published-02 Apr, 2024 | 20:17
Updated-08 Aug, 2025 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22877.

Action-Not Available
Vendor-Microsoft CorporationApple Inc.Foxit Software Incorporated
Product-macoswindowspdf_readerpdf_editorPDF Readerpdf_readerpdf_editor
CWE ID-CWE-416
Use After Free
CVE-2024-30351
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-4.23% / 88.33%
||
7 Day CHG~0.00%
Published-02 Apr, 2024 | 20:14
Updated-08 Aug, 2025 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects in AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22799.

Action-Not Available
Vendor-Microsoft CorporationApple Inc.Foxit Software Incorporated
Product-macoswindowspdf_readerpdf_editorPDF Readerpdf_readerpdf_editor
CWE ID-CWE-416
Use After Free
CVE-2024-30348
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-3.11% / 86.31%
||
7 Day CHG~0.00%
Published-02 Apr, 2024 | 20:13
Updated-08 Aug, 2025 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Reader U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Foxit PDF Reader U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22911.

Action-Not Available
Vendor-Microsoft CorporationApple Inc.Foxit Software Incorporated
Product-macoswindowspdf_readerpdf_editorPDF Readerpdf_readerpdf_editor
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-30362
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-2.53% / 84.84%
||
7 Day CHG~0.00%
Published-02 Apr, 2024 | 20:18
Updated-08 Aug, 2025 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Reader PDF File Parsing Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Reader PDF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22798.

Action-Not Available
Vendor-Microsoft CorporationApple Inc.Foxit Software Incorporated
Product-macoswindowspdf_readerpdf_editorPDF Readerpdf_readerpdf_editor
CWE ID-CWE-416
Use After Free
CVE-2021-34971
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-2.41% / 84.49%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 22:54
Updated-13 Aug, 2025 | 15:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Reader JPG2000 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

Foxit PDF Reader JPG2000 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14812.

Action-Not Available
Vendor-Foxit Software IncorporatedMicrosoft Corporation
Product-pdf_readerpdf_editorwindowsPDF Readerphantompdfpdf_editorpdf_reader
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2021-34845
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-2.17% / 83.64%
||
7 Day CHG~0.00%
Published-04 Aug, 2021 | 15:16
Updated-04 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14034.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-pdf_readerpdf_editorwindowsPDF Reader
CWE ID-CWE-416
Use After Free
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 52
  • 53
  • Next
Details not found