CVE: CVE-2019-7035 Tested Versions: Adobe Reader DC 2019.010.20064 Product URL(s): https://acrobat.adobe.com/us/en/acrobat.html https://get.adobe.com/reader/ Description of the vulnerability Adobe Acrobat is a family of application software and Web services developed by Adobe Inc. to view, create, manipulate, print and manage files in Portable Document Format (PDF). It provides compatibility to the ECMA-363 Standard (Universal 3D File Format) via 3difr.x3d, 2d.x3d and rt3d.dll, which allow viewing embedded 3D contents in PDF files....

CVE: CVE-2019-16337 Tested Versions: Hancom Office NEO (HncBD90 version 9.6.1.9403) Product URL(s): https://www.hancom.com/cs_center/csDownload.do Description of the vulnerability Hangul Office is published by Hancom, Inc. and is considered one of the more popular Office suites used within South Korea. When opening a specially crafted Office Open XML Workbook (.xlsx), HncBD90 uses realloc function to reallocate a memory buffer, but after the realloc it continues using the old pointer that has been freed, resulting in a use-after-free vulnerability....

CVE: CVE-2019-16338 Tested Versions: Hancom Office NEO (HwordApp) Product URL(s): https://www.hancom.com/cs_center/csDownload.do Description of the vulnerability Hangul Office is published by Hancom, Inc. and is considered one of the more popular Office suites used within South Korea. When opening a specially crafted Office Open XML Document (.docx), HwordApp does not properly process a tfo_common object which will cause a use-after-free. This may lead to code execution under the context of the application....

CVE: CVE-2019-16339 Tested Versions: HCell.exe 9.6.1.7363 SDSerialize 9.6.1.9403 Product URL(s): https://www.hancom.com/cs_center/csDownload.do Hangul Office is published by Hancom, Inc. and is considered one of the more popular Office suites used within South Korea. This vulnerability was discovered within the SDSerialize.dll when opening a specially crafted Office Open XML Workbook (.xlsx). This is part of the Hangul Office Suite. Vulnerability 0:000> lmvm SDSerialize start end module name 6eca0000 6ed36000 SDSerialize (export symbols) C:\Program Files (x86)\Hnc\Office NEO\HOffice96\Bin\SDSerialize....

CVE: CVE-2018-20333 Tested Versions: ASUSWRT 3.0.0.4.384.20308 (2018/02/01) Product URL(s): https://www.asus.com/us/ASUSWRT/ ASUSWRT is the firmware that is shipped with modern ASUS routers. ASUSWRT has a web-based interface, so it doesn’t need a separate app, or restrict what you can change via mobile devices – you get full access to everything, from any device that can run a web browser. Vulnerability An unauthenticated user can request the http://<ROUTERIP>/update_applist.asp to see if a USB device is attached to the router and if there are apps installed on the router....

CVE: CVE-2019-6984 Tested Versions: Foxit Reader 9.1.0.5096, U3DBrowser.fpi 9.1.0.425 Product URL(s): https://www.foxitsoftware.com/pdf-reader/ Description of the vulnerability Foxit Reader is a popular PDF reading and printing software. It provides compatibility to the ECMA-363 Standard (Universal 3D File Format) via the U3DBrowser plug-in, which allows viewing embedded 3D annotations in PDF files. Up to version 9.0.1.1049 the plug-in is loaded in its default installation package, subsequent version continues the support to its user base with the plug-in separately acquired....

CVE: CVE-2019-6985 Tested Versions: Foxit Reader 9.1.0.5096, U3DBrowser.fpi 9.1.0.425 Product URL(s): https://www.foxitsoftware.com/pdf-reader/ Description of the vulnerability Foxit Reader is a popular PDF reading and printing software. It provides compatibility to the ECMA-363 Standard (Universal 3D File Format) via the U3DBrowser plug-in, which allows viewing embedded 3D annotations in PDF files. Up to version 9.0.1.1049 the plug-in is loaded in its default installation package, subsequent version continues the support to its user base with the plug-in separately acquired....