Zero Day Initiative (ZDI) has publicly reported a vulnerability in Foxit PDF Reader because the company resisted patching it after the 120-day deadline.
The vulnerabilities reported by ZDI are CVE-2017-10951 and CVE-2017-10952. Foxit PDF Reader has around 400 million users globally.
CVE-2017-10951 was reported to the vendor on 18-05-2018. The flaw exists within the app.launchURL method: a user-supplied string is not properly validated before it is used to execute a system call.
Below is the full statement published by ZDI on CVE-2017-10951:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within app.launchURL method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current process.
CVE-2017-10952 was reported to the vendor on 22-05-2017. The flaw exists in the saveAs JavaScript function and is due to the lack of proper validation of user-supplied data. It allows the attacker to write arbitrary files to attacker-controlled locations.
Below is the full statement published by ZDI on CVE-2017-10952:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the saveAs JavaScript function. The issue results from the lack of proper validation of user-supplied data, which can lead to writing arbitrary files into attacker controlled locations. An attacker can leverage this vulnerability to execute code under the context of the current process.
Foxit responded to the vulnerabilities reported by ZDI by stating that Foxit Reader and PhantomPDF have a safe reading mode, which is enabled by default and will protect their users from the vulnerabilities.
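The missing check described above for app.launchURL, validating a script-supplied string before it reaches a system call, can be sketched as follows. This is an added example, not Foxit's or ZDI's code; the function name validateLaunchTarget, the scheme allowlist, the length limit and the sample inputs are all assumptions made for illustration.

```javascript
// Added illustration (hypothetical names): a check a host application could run
// on a document-supplied string before handing it to the operating system.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]); // assumed policy: web links only
const MAX_LENGTH = 2048;                               // assumed upper bound

function validateLaunchTarget(input) {
  if (typeof input !== "string" || input.length === 0 || input.length > MAX_LENGTH) {
    return { ok: false, reason: "not a string of acceptable length" };
  }
  // Reject whitespace and control characters up front; the URL parser would
  // silently strip some of them and hide what the document really supplied.
  if (/[\u0000-\u0020\u007f]/.test(input)) {
    return { ok: false, reason: "whitespace or control character" };
  }
  let url;
  try {
    url = new URL(input); // no base URL: bare file names and UNC paths throw here
  } catch {
    return { ok: false, reason: "not an absolute URL" };
  }
  // Local paths such as C:\... parse with a one-letter "scheme" and fail this test,
  // as do file: and any other scheme that is not explicitly allowed.
  if (!ALLOWED_SCHEMES.has(url.protocol)) {
    return { ok: false, reason: "scheme " + url.protocol + " not allowed" };
  }
  if (url.username || url.password) {
    return { ok: false, reason: "embedded credentials" };
  }
  // Only the normalized form is returned, so the caller never launches the raw string.
  return { ok: true, url: url.href };
}

// Constructed sample inputs (not taken from any real document).
const SAMPLES = [
  "HTTPS://Example.COM/a",
  "file:///C:/example/tool.exe",
  "C:\\example\\tool.exe",
  "\\\\host.example\\share\\tool.exe",
  " https://example.com/",
  "https://user:pw@example.com/",
];

function acceptedSamples() {
  return SAMPLES.map(validateLaunchTarget).filter((r) => r.ok).map((r) => r.url);
}

console.log(acceptedSamples());
```

Only the normalized URL returned by the check should be passed on to the platform's URL handler; everything else is refused with a reason that can be logged.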