Microsoft: Security Vulnerabilities
A potential security vulnerability in Quartus® Prime Pro Edition Design Software may allow escalation of privilege.
CVSS Score
6.7
EPSS Score
0.0
Published
2025-12-11
Under certain circumstances, the Quartus Prime Pro Installer for Windows does not check the permissions of the Quartus target installation directory if the target installation directory already exists.
CVSS Score
6.7
EPSS Score
0.0
Published
2025-12-11
A potential security vulnerability in Quartus® Prime Standard Edition Design Software may allow escalation of privilege.
CVSS Score
6.7
EPSS Score
0.0
Published
2025-12-11
Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges locally.
CVSS Score
7.8
EPSS Score
0.001
Published
2025-12-11
Foxit PDF Editor and Reader before 2025.2.1 allow signature spoofing via triggers. An attacker can embed triggers (e.g., JavaScript) in a PDF document that execute during the signing process. When a signer reviews the document, the content appears normal. However, once the signature is applied, the triggers modify content on other pages or optional content layers without explicit warning. This can cause the signed PDF to differ from what the signer saw, undermining the trustworthiness of the digital signature. The fixed versions are 2025.2.1, 14.0.1, and 13.2.1.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-12-11
Foxit PDF Editor and Reader before 2025.2.1 allow signature spoofing via OCG. When Optional Content Groups (OCG) are supported, the state property of an OCG is runtime-only and not included in the digital signature computation buffer. An attacker can leverage JavaScript or PDF triggers to dynamically change the visibility of OCG content after signing (Post-Sign), allowing the visual content of a signed PDF to be modified without invalidating the signature. This may result in a mismatch between the signed content and what the signer or verifier sees, undermining the trustworthiness of the digital signature. The fixed versions are 2025.2.1, 14.0.1, and 13.2.1.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-12-11
An issue was discovered in Foxit PDF and Editor for Windows before 13.2 and 2025 before 2025.2. Opening a malicious PDF containing a crafted JavaScript call to search.query() with a crafted cDIPath parameter (e.g., "/") may cause an out-of-bounds read in internal path-parsing logic, potentially leading to information disclosure or memory corruption.
CVSS Score
3.3
EPSS Score
0.0
Published
2025-12-11
An issue was discovered in Foxit PDF and Editor for Windows before 13.2 and 2025 before 2025.2. A crafted PDF containing JavaScript that calls closeDoc() while internal objects are still in use can cause premature release of these objects. This use-after-free vulnerability may lead to memory corruption, potentially resulting in information disclosure when the PDF is opened.
CVSS Score
6.7
EPSS Score
0.0
Published
2025-12-11
An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. A crafted PDF can contain JavaScript that attaches an OnBlur action on a form field that destroys an annotation. During user right-click interaction, the program's internal focus change handling prematurely releases the annotation object, resulting in a use-after-free vulnerability that may cause memory corruption or application crashes.
CVSS Score
6.7
EPSS Score
0.0
Published
2025-12-11
An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. An attacker able to alter or replace the static HTML files used by the StartPage feature can cause the application to load malicious or compromised content upon startup. This may result in information disclosure, unauthorized data access, or other security impacts.
CVSS Score
7.3
EPSS Score
0.0
Published
2025-12-11