Two Critical Zero-Day Flaws Came Out In Foxit PDF Reader

Two Critical Zero-Day Flaws Came Out In Foxit PDF Reader

Are you using Foxit PDF Reader? If so, then you need to look back.

Security researchers discovered two critical security vulnerabilities Zero-Day Foxit pdf Reader software that could allow malicious people to run arbitrary code on a target computer unless it is configured to open secure file reads.

The first vulnerability (CVE-2.017-10.951) is an injection error discovered by the Ariele Caltabiano command seeker working with Trend Micro Zero Day Initiative (ZDI), while the second bug (CVE-2.017-10.952) is a file writing problem Found by offensive security researcher Steven Seeley.

A malicious user can exploit these bugs by sending a PDF file specially crafted to a Foxit user and letting them open it.

Also Read: Chrome Extensions Hijacked To Target More Than 4 Million Users

Foxit pdf reader refused to correct two vulnerabilities that would not work with the “Safe Read Mode” feature that fortunately is enabled by default in Foxit Reader.

“Foxit pdf Reader and PhantomPDF have a secure read mode enabled by default to control the operation of JavaScript, which can effectively protect against potentially vulnerable JavaScript unauthorized actions,” says the company.

However, researchers believe that building an attenuation does not fully address vulnerabilities, which if left without patches, could be exploited if aggressors find a way to avoid safe read mode shortly.

Vulnerabilities without fixes can be activated through the JavaScript API in the Foxit pdf Reader.

CVE-2.017-10.951: The command injection error is running app.launchURL current chains provided by attackers in the destination system for lack of valid validation, as shown in the video shown below.

CVE-2.017-10.952: This vulnerability exists within the JavaScript “saveAs” feature that allows attackers to write arbitrary files on a specific system at any specific location, as shown in the video below.

“Steven exploits the vulnerability by inserting an HTA file into the document, then calling SaveAs to write it in the Startup folder, VBScript arbitrary code execution, in the beginning,” read the notice published by ZDI.

If you are one of those who use Foxit PhantomPDF and Reader, make sure you have activated the “Safe Read Mode” function. Also, you can uncheck the “Enable JavaScript” box in the Foxit Preferences menu action, although this may break some features.

Also Read: Hack Android Phones using AndroRat

Users are also always advised to be vigilant when they open files received by e-mail. Recently, we reported on how to open a malicious PowerPoint file that could compromise your computer with malware.

Therefore, always be wary of a phishing e-mail, spam and clicking on the malicious attachment.


Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.