Two Foxit Reader RCE zero-day vulnerabilities disclosed (Help Net Security)
Trend Micro’s Zero Day Initiative has released details about two remote code execution zero-day flaws affecting popular freemium PDF tool Foxit Reader. The first one (CVE-2017-10951) is a command injection flaw that exists within the app.launchURL method, and arises because the method accepts more than just URLs as arguments. It does not filter file extensions, and therefore can be made to launch executables. It was discovered by Ariele Caltabiano. The second one (CVE-2017-10952) is a …
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/jWfKFf9i2uw/
Related news
- Ivanti vows to transform its security operating model, reveals new vulnerabilities (source)
- Microsoft April 2024 Patch Tuesday fixes 150 security flaws, 67 RCEs (source)
- OpenAI's GPT-4 can exploit real vulnerabilities by reading security advisories (source)
- Prompt Hacking, Private GPTs, Zero-Day Exploits and Deepfakes: Report Reveals the Impact of AI on Cyber Security Landscape (source)
- State-Sponsored Hackers Exploit Two Cisco Zero-Day Vulnerabilities for Espionage (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-08-29 | CVE-2017-10951 | OS Command Injection vulnerability in Foxitsoftware Foxit Reader 8.3.0.14878. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.0.14878. | 6.8 |
2017-08-29 | CVE-2017-10952 | Improper Input Validation vulnerability in Foxitsoftware Foxit Reader 8.2.0.2051. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.2.0.2051. | 6.8 |