Two Foxit Reader RCE zero-day vulnerabilities disclosed

Spread the love
Trend Micro’s Zero Day Initiative has released details about two remote code execution zero-day flaws affecting popular freemium PDF tool Foxit Reader. The first one (CVE-2017-10951) is a command injection flaw that exists within the app.launchURL method, and arises because the method accepts more than just URLs as arguments. It does not filter file extensions, and therefore can be nade to launch executables. It was discovered by Ariele Caltabiano. The second one (CVE-2017-10952) is a … More
Click here for reuse options!