Full title: Foxit PDF Reader 9.0.1.1049 Pointer Overwrite Use-After-Free Exploit 
Category: local exploits
Platform: windows
Foxit PDF Reader version 9.0.1.1049 has a use-after-free vulnerability in the Text Annotations component and the TypedArray's use uninitialized pointers. The vulnerabilities can be combined to leak a vtable memory address, which can be adjusted to point to the base address of the executable. A ROP chain can be constructed that will execute when Foxit Reader performs the UAF.

# 0day.today @ http://0day.today/