Two Foxit Reader RCE zero-day vulnerabilities disclosed (Help Net Security, August 2017)
Trend Micro’s Zero Day Initiative has released details about two remote code execution zero-day flaws affecting the popular freemium PDF tool Foxit Reader. The first one (CVE-2017-10951) is a command injection flaw that exists within the app.launchURL method, and arises because the method accepts more than just URLs as arguments. It does not filter file extensions, and therefore can be made to launch executables. It was discovered by Ariele Caltabiano. The second one (CVE-2017-10952) is a …
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/jWfKFf9i2uw/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-08-29 | CVE-2017-10951 | OS Command Injection vulnerability in Foxitsoftware Foxit Reader 8.3.0.14878. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.0.14878. | 8.8 |
2017-08-29 | CVE-2017-10952 | Improper Input Validation vulnerability in Foxitsoftware Foxit Reader 8.2.0.2051. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.2.0.2051. | 8.8 |