Foxit PDF Reader, PhantomPDF Open to Remote Code Execution

2020-04-20 18:18

Foxit Software has released patches for dozens of high-severity flaws impacting its PDF reader and editor platforms.

Overall, Foxit Software patched flaws tied to 20 CVEs in Foxit Reader and Foxit PhantomPDF for Windows.

The high-severity flaws in Foxit Reader enable RCE; they are fixed in Foxit Reader version 9.7.2.

Flaws tied to 11 CVEs were also patched in the beta version of the U3DBrowser Plugin, a Foxit Reader and PhantomPDF plugin that allows viewing embedded 3D annotations in PDF files.

To address these issues, Foxit released 3D Plugin Beta 9.7.2.29539 for Foxit Reader and PhantomPDF. These are only the latest flaws to be discovered Foxit Software products.

News URL

https://threatpost.com/foxit-pdf-reader-phantompdf-remote-code-execution/154942/

#codeexecution #foxit #PDF

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Foxit		5	0	54	18	1	73