Security News > 2017 > August > Two Foxit Reader RCE zero-day vulnerabilities disclosed (Help Net Security)
2017-08-18 18:44
Trend Micro’s Zero Day Initiative has released details about two remote code execution zero-day flaws affecting popular freemium PDF tool Foxit Reader. The first one (CVE-2017-10951) is a command injection flaw that exists within the app.launchURL method, and arises because the method accepts more than just URLs as arguments. It does not filter file extensions, and therefore can be nade to launch executables. It was discovered by Ariele Caltabiano. The second one (CVE-2017-10952) is a … More →
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/jWfKFf9i2uw/
Related news
- New Cleo zero-day RCE flaw exploited in data theft attacks (source)
- Ivanti Issues Critical Security Updates for CSA and Connect Secure Vulnerabilities (source)
- 3 Actively Exploited Zero-Day Flaws Patched in Microsoft's Latest Security Update (source)
- SonicWall warns of SMA1000 RCE flaw exploited in zero-day attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-29 | CVE-2017-10951 | OS Command Injection vulnerability in Foxitsoftware Foxit Reader 8.3.0.14878 This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.0.14878. | 8.8 |
| 2017-08-29 | CVE-2017-10952 | Improper Input Validation vulnerability in Foxitsoftware Foxit Reader 8.2.0.2051 This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.2.0.2051. | 8.8 |