In order to exploit these issues, an attacker would need to bypass Safe Reading Mode. The vulnerabilities could enable attackers to execute arbitrary code on vulnerable installations of Foxit Reader.
Unfortunately, the company decided not to patch the vulnerabilities and provided the following statement:
The first flaw (CVE-2017-10951) allows remote attackers to execute arbitrary code on a targeted machine. User interaction is needed to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The second flaw (CVE-2017-10952) enables remote attackers to execute arbitrary code on a targeted machine. User interaction is also needed to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.