Vulnerability Details CVE-2016-4063
Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via an object with a revision number of -1 in a PDF document.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.045
EPSS Ranking 90.4%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 6.8
References
- http://www.securityfocus.com/bid/85379
- http://www.zerodayinitiative.com/advisories/ZDI-16-219
- http://www.zerodayinitiative.com/advisories/ZDI-16-220
- https://www.foxitsoftware.com/support/security-bulletins.php
- http://www.securityfocus.com/bid/85379
- http://www.zerodayinitiative.com/advisories/ZDI-16-219
- http://www.zerodayinitiative.com/advisories/ZDI-16-220
- https://www.foxitsoftware.com/support/security-bulletins.php
Products affected by CVE-2016-4063
-
cpe:2.3:a:foxitsoftware:foxit_reader:7.3.0.118
-
cpe:2.3:a:foxitsoftware:phantompdf:7.3.0.118