Security News > 2017 > August > Two Foxit Reader RCE zero-day vulnerabilities disclosed (Help Net Security)
2017-08-18 18:44
Trend Micro’s Zero Day Initiative has released details about two remote code execution zero-day flaws affecting popular freemium PDF tool Foxit Reader. The first one (CVE-2017-10951) is a command injection flaw that exists within the app.launchURL method, and arises because the method accepts more than just URLs as arguments. It does not filter file extensions, and therefore can be nade to launch executables. It was discovered by Ariele Caltabiano. The second one (CVE-2017-10952) is a … More →
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/jWfKFf9i2uw/
Related news
- 3 Actively Exploited Zero-Day Flaws Patched in Microsoft's Latest Security Update (source)
- SonicWall warns of SMA1000 RCE flaw exploited in zero-day attacks (source)
- Cybercrime gang exploited VeraCore zero-day vulnerabilities for years (CVE-2025-25181, CVE-2024-57968) (source)
- Zimbra Releases Security Updates for SQL Injection, Stored XSS, and SSRF Vulnerabilities (source)
- Google's March 2025 Android Security Update Fixes Two Actively Exploited Vulnerabilities (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-29 | CVE-2017-10951 | OS Command Injection vulnerability in Foxitsoftware Foxit Reader 8.3.0.14878 This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.0.14878. | 8.8 |
| 2017-08-29 | CVE-2017-10952 | Improper Input Validation vulnerability in Foxitsoftware Foxit Reader 8.2.0.2051 This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.2.0.2051. | 8.8 |