Remote code execution in Foxit Reader
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2017-10951 CVE-2017-10952 |
| CWE-ID | CWE-77 CWE-20 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Foxit PDF Reader for Windows Client/Desktop applications / Office applications |
| Vendor | Foxit Software Inc. |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Command injection
EUVDB-ID: #VU7987
Risk: Medium
CVSSv3.1: 7.6 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2017-10951
CWE-ID:
CWE-77 - Command injection
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists in app.launchURL method due to insufficient validation of user-supplied string before using it to execute a system call. A remote attacker can send a specially crafted .pdf file, trick the victim into opening it, inject malicious commands and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise however requires that attacker is able to bypass Safe Reading Mode.
Install update from vendor's website.
Vulnerable software versionsFoxit PDF Reader for Windows: 7.3.0.118 - 8.3.1
External linkshttp://www.zerodayinitiative.com/advisories/ZDI-17-691/
http://www.zerodayinitiative.com/blog/2017/8/17/busting-myths-in-foxit-reader
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper input validation
EUVDB-ID: #VU7988
Risk: Medium
CVSSv3.1: 7.6 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2017-10952
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists in the saveAs JavaScript function due to insufficient validation of user-supplied input. A remote attacker can create a specially crafted .pdf file, trick the victim into opening it, write arbitrary files into attacker controlled locations and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system
compromise however requires that attacker is able to bypass Safe Reading
Mode.
Install update from vendor's website.
Vulnerable software versionsFoxit PDF Reader for Windows: 7.3.0.118 - 8.3.1
External linkshttp://www.zerodayinitiative.com/advisories/ZDI-17-692/
http://www.zerodayinitiative.com/blog/2017/8/17/busting-myths-in-foxit-reader
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
