In order to exploit these issues, an attacker would need to bypass Safe Reading Mode. The vulnerabilities could enable attackers to execute arbitrary code on vulnerable installations of Foxit Reader.
Unfortunately, the company decided not to patch the vulnerabilities and provided the following statement:
The first flaw (CVE-2017-10951) allows remote attackers to execute arbitrary code on a targeted machine. User interaction is needed to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The second flaw (CVE-2017-10952) enables remote attackers to execute arbitrary code on a targeted machine. User interaction is also needed to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.