Security researchers convey discovered 2 critical zero-day safety vulnerabilities inward Foxit Reader software that could allow attackers to execute arbitrary code on a targeted computer, if non configured to opened upward files inward the Safe Reading Mode.
The offset vulnerability (CVE-2017-10951) is a command injection põrnikas discovered yesteryear researcher Ariele Caltabiano working amongst Trend Micro's Zero Day Initiative (ZDI), spell the minute põrnikas (CVE-2017-10952) is a file write number found yesteryear Offensive Security researcher Steven Seeley.
An aggressor tin exploit these bugs yesteryear sending a especially crafted PDF file to a Foxit user too enticing them to opened upward it.
Foxit refused to acre both the vulnerabilities because they would non move amongst the "safe reading mode" characteristic that fortunately comes enabled yesteryear default inward Foxit Reader.
"Foxit Reader & PhantomPDF has a Safe Reading Mode which is enabled yesteryear default to command the running of JavaScript, which tin effectively guard against potential vulnerabilities from unauthorized JavaScript actions," the society says.However, researchers believe edifice a mitigation doesn't acre the vulnerabilities completely, which if remained unpatched, could last exploited if attackers discovery a means to bypass rubber reading means inward the close future.
Both unpatched vulnerabilities tin last triggered through the JavaScript API inward Foxit Reader.
CVE-2017-10951: The command injection põrnikas resides inward an app.launchURL purpose that executes strings provided yesteryear attackers on the targeted organization due to lack of proper validation, equally demonstrated inward the video given below.
CVE-2017-10952: This vulnerability exists inside the "saveAs" JavaScript purpose that allows attackers to write an arbitrary file on a targeted organization at whatsoever specific location, equally demonstrated inward the video given below.
"Steven exploited this vulnerability yesteryear embedding an HTA file inward the document, so calling saveAS to write it to the startup folder, therefore executing arbitrary VBScript code on startup," reads the advisory malicious PowerPoint file could compromise your calculator amongst malware.
So, ever beware of phishing emails, spams, too clicking the malicious attachment.
Update: Foxit Response
Foxit spokesperson has provided the next disputation to The Hacker News via an Email:
"Foxit Software is deeply committed to delivering secure PDF products to its customers. Our runway tape is strong inward responding chop-chop inward fixing vulnerabilities. We are currently working to rapidly address the 2 vulnerabilities reported on the Zero Day Initiative weblog too volition chop-chop deliver software improvements. In the meantime, users tin assistance protect themselves yesteryear using the Safe Reading Mode.""We apologize for our initial miscommunication when contacted virtually these vulnerabilities too are making changes to our procedures to mitigate the probability of it occurring again."
Share This :
comment 0 Comments
more_vert