

Foxit Software has released patches for dozens of high-severity flaws impacting its PDF reader and editor platforms. The most severe of the bugs, which exist on Windows versions of the software, enable a remote attacker to execute arbitrary code on vulnerable systems. Overall, Foxit Software patched flaws tied to 20 CVEs in Foxit Reader and Foxit PhantomPDF (versions 9.1 and earlier) for Windows.

Foxit Reader is popular PDF software – with a user base of over 500 million for its free version – that provides tools for creating, signing and securing PDF files. PhantomPDF, meanwhile, enables users to convert different file formats to PDF. In addition to millions of users for its branded software, major corporations such as Amazon, Google and Microsoft license Foxit Software technology, opening up its threat landscape even more.

“There are several bugs that could result in remote code execution,” Dustin Childs, manager at Trend Micro’s Zero Day Initiative (ZDI), told Threatpost. “All of these should be considered critical.”

The high-severity flaws in Foxit Reader enable RCE; they are fixed in Foxit Reader version 9.7.2. In an attack scenario for these flaws, “user interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file,” according to a Trend Micro ZDI vulnerability analysis.

Included are vulnerabilities (CVE-2020-10899, CVE-2020-10907) within the processing of XFA templates, a template embedded in PDFs that allows for fillable fields. Both issues result from a failure to validate the existence of an object prior to performing operations on that object.

Researchers also found an RCE flaw (CVE-2020-10900) in the way AcroForms are processed. AcroForms are PDF files that contain form fields. An attacker can leverage both flaws to execute code in the context of the current process.

Finally, a flaw (CVE-2020-10906) was addressed in the resetForm method within Foxit Reader PDFs. The bug exists because the AcroForms code does not validate an object’s existence prior to performing operations on that object: with no check for the object before it is operated on, the process is opened up to an RCE attack.
