Foxit PDF Reader, PhantomPDF Open to Remote Code Execution
#1
Information 
Quote:Foxit Software has released patches for dozens of high-severity flaws impacting its PDF reader and editor platforms. The most severe of the bugs, which exist on Windows versions of the software, enable a remote attacker to execute arbitrary code on vulnerable systems.
 
Overall, Foxit Software patched flaws tied to 20 CVEs in Foxit Reader and Foxit PhantomPDF (versions 9.7.1.29511 and earlier) for Windows. Foxit Reader is popular PDF software – with a user base of over 500 million for its free version – that provides tools for creating, signing and securing PDF files. PhantomPDF, meanwhile, enables users to convert different file formats to PDF. In addition to millions users for its branded software, major corporations as Amazon, Google,and Microsoft license Foxit Software technology, opening up its threat landscape even more.
 
“There are several bugs that could result in remote code execution [RCE],” Dustin Childs, manager at Trend Micro’s Zero Day Initiative (ZDI), told Threatpost. “All of these should be considered critical.”

The high-severity flaws in Foxit Reader enable RCE; they are fixed in Foxit Reader version 9.7.2. In an attack scenario for these flaws, “user interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file,” according to a Trend Micro ZDI vulnerability analysis.

Read more: https://threatpost.com/foxit-pdf-reader-...on/154942/
[-] The following 2 users say Thank You to silversurfer for this post:
  • harlan4096, jasonX
Reply
#2
(21 April 20, 10:28)silversurfer Wrote:
Quote:Foxit Software has released patches for dozens of high-severity flaws impacting its PDF reader and editor platforms. The most severe of the bugs, which exist on Windows versions of the software, enable a remote attacker to execute arbitrary code on vulnerable systems.
 
Overall, Foxit Software patched flaws tied to 20 CVEs in Foxit Reader and Foxit PhantomPDF (versions 9.7.1.29511 and earlier) for Windows. Foxit Reader is popular PDF software – with a user base of over 500 million for its free version – that provides tools for creating, signing and securing PDF files. PhantomPDF, meanwhile, enables users to convert different file formats to PDF. In addition to millions users for its branded software, major corporations as Amazon, Google,and Microsoft license Foxit Software technology, opening up its threat landscape even more.
 
“There are several bugs that could result in remote code execution [RCE],” Dustin Childs, manager at Trend Micro’s Zero Day Initiative (ZDI), told Threatpost. “All of these should be considered critical.”

The high-severity flaws in Foxit Reader enable RCE; they are fixed in Foxit Reader version 9.7.2. In an attack scenario for these flaws, “user interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file,” according to a Trend Micro ZDI vulnerability analysis.

Read more: https://threatpost.com/foxit-pdf-reader-...on/154942/

Oh..tsk..I have Foxit Phantom Business 9 here though I almost always use PDF-XChange Editor 8. Thanks for the heads-up there! That's a gem of an info there!
[-] The following 2 users say Thank You to jasonX for this post:
  • harlan4096, silversurfer
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
QOwnNotes
26.7.1 Added a ne...Kool — 05:26
NanaZip 6.5 Update (6.5.1767.0)
NanaZip 6.5 Update...harlan4096 — 19:15
Microsoft Edge 150 Adds Google Account S...
Microsoft has adde...harlan4096 — 10:26
Free Download Manager 6.34.2.6926
Changes in 6.34.2....harlan4096 — 09:37
Bitdefender 27.0.60.341
Latest version of ...harlan4096 — 09:34

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
avatar (47)dapedDow
avatar (49)TromPerl
avatar (46)RidgeDimb
avatar (37)ipumaqar
avatar (51)tanliorsPeri
avatar (43)lapedDow
avatar (49)rituabew
avatar (37)omyjul
avatar (41)papedDow
avatar (50)ArnoldFum
avatar (38)yfaza
avatar (49)Kevensi
avatar (48)ConradRoand
avatar (39)boineDon
avatar (51)spoofTum
avatar (50)WillieVot
avatar (40)Grompelbawn
avatar (41)vkseogaF
avatar (37)usogy
avatar (40)ywixazok
avatar (38)ixoqe
avatar (56)Step 1
avatar (36)pa.OpenTran

[-]
Online Staff
There are no staff members currently online.

>