In order to exploit these issues, an attacker would need to bypass Safe Reading Mode. The vulnerabilities could enable attackers to execute arbitrary code on vulnerable installations of Foxit Reader.
Unfortunately, the company decided not to patch the vulnerabilities and provided the following statement:
The first flaw (CVE-2017-10951) allows remote attackers to execute arbitrary code on a targeted machine. User interaction is needed to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The second flaw (CVE-2017-10952) enables remote attackers to execute arbitrary code on a targeted machine. User interaction is also needed to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Latest posts by Unallocated Author (see all)
- The Myth Of Coding Bootcamp Job Guarantees - August 9, 2019
- Wifi Pumpkin – WiFi MITM Attack and Audit Framework - August 9, 2019
- TheFatRat – A Convenient Exploitation Tool - August 7, 2019