SB2017081716 - Remote code execution in Foxit Reader
Published: August 18, 2017 Updated: August 12, 2020
Security Bulletin ID
SB2017081716
CSH Severity
Medium
Patch available
YES
Number of vulnerabilities
2
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 vulnerabilities.
1) Command injection (CVE-ID: CVE-2017-10951)
CWE-ID: CWE-77 - Command injection
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists in app.launchURL method due to insufficient validation of user-supplied string before using it to execute a system call. A remote attacker can send a specially crafted .pdf file, trick the victim into opening it, inject malicious commands and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise however requires that attacker is able to bypass Safe Reading Mode.
2) Improper input validation (CVE-ID: CVE-2017-10952)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists in the saveAs JavaScript function due to insufficient validation of user-supplied input. A remote attacker can create a specially crafted .pdf file, trick the victim into opening it, write arbitrary files into attacker controlled locations and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise however requires that attacker is able to bypass Safe Reading Mode.
Remediation
Install update from vendor's website.