Foxit Reader Arbitrary Command Execution Vulnerability Network Vulnerability

Summary

The host is installed with Foxit Reader and is prone to arbitrary command execution vulnerability.

Impact

Successful exploitation will let attacker to execute arbitrary code or crash an affected application. Impact Level: Application

Solution

Upgrade to the version 3.2.1.0401 or later, For updates refer to http://www.foxitsoftware.com/downloads/

Insight

The flaw exists due to error in hadling 'PDF' files which runs executable embedded program inside a PDF automatically without asking for user permission.

Affected

Foxit Reader version prior to 3.2.1.0401

References

http://blog.didierstevens.com/2010/03/29/escape-from-pdf/
http://blog.didierstevens.com/2010/03/31/escape-from-foxit-reader/
http://www.foxitsoftware.com/pdf/reader/security.htm#0401
http://www.kb.cert.org/vuls/id/570177

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-1239

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Air Multiple Vulnerabilities - November12 (Mac OS X)
Adobe Flash Player Arbitrary Code Execution Vulnerability - 01 Feb14 (Windows)
Adobe Flash Player Arbitrary Code Execution Vulnerability (Linux)
Adobe Air Multiple Vulnerabilities -01 May 13 (Windows)
Adobe Flash Player 'SWF' File Multiple Code Execution Vulnerability - Windows

Take action and discover your vulnerabilities