Security News > 2020 > April > Foxit PDF Reader, PhantomPDF Open to Remote Code Execution

Foxit PDF Reader, PhantomPDF Open to Remote Code Execution
2020-04-20 18:18

Foxit Software has released patches for dozens of high-severity flaws impacting its PDF reader and editor platforms.

Overall, Foxit Software patched flaws tied to 20 CVEs in Foxit Reader and Foxit PhantomPDF for Windows.

The high-severity flaws in Foxit Reader enable RCE; they are fixed in Foxit Reader version 9.7.2.

Flaws tied to 11 CVEs were also patched in the beta version of the U3DBrowser Plugin, a Foxit Reader and PhantomPDF plugin that allows viewing embedded 3D annotations in PDF files.

To address these issues, Foxit released 3D Plugin Beta 9.7.2.29539 for Foxit Reader and PhantomPDF. These are only the latest flaws to be discovered Foxit Software products.


News URL

https://threatpost.com/foxit-pdf-reader-phantompdf-remote-code-execution/154942/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Foxit 5 6 17 122 4 149