Vulnerability Details CVE-2016-4064
Use-after-free vulnerability in the XFA forms handling functionality in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via a crafted remerge call.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.013
EPSS Ranking 78.6%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 6.8
References
- http://www.securityfocus.com/bid/85379
- http://www.zerodayinitiative.com/advisories/ZDI-16-215
- https://www.foxitsoftware.com/support/security-bulletins.php
- http://www.securityfocus.com/bid/85379
- http://www.zerodayinitiative.com/advisories/ZDI-16-215
- https://www.foxitsoftware.com/support/security-bulletins.php
Products affected by CVE-2016-4064
-
cpe:2.3:a:foxitsoftware:foxit_reader:7.3.0.118
-
cpe:2.3:a:foxitsoftware:phantompdf:7.3.0.118