Vulnerability identifier: #VU52953
Vulnerability risk: High
Exploitation vector: Network
Exploit availability: No
Vendor: Foxit Software Inc.
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when parsing certain PDF files that contain nonstandard /Size key value in the Trailer dictionary. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
Install updates from vendor's website.
Vulnerable software versions
Foxit PDF Reader for Windows: 9.0 - 10.1.3.37598
Foxit PDF Editor (formerly Foxit PhantomPDF): 10.0.0.35798 - 10.1.3.37598, 9.0 - 126.96.36.199616
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?