Users of Foxit PDF Reader and PhantomPDF need to update their devices ASAP, reportedly both software exhibited numerous security flaws that could lead to remote code execution upon an exploit.
Foxit PDF Reader And PhantomPDF Flaws
According to a recent advisory from Foxit, Foxit PDF Reader and PhantomPDF had serious security flaws.
As revealed by Trend Micro ZDI, four different high-severity flaws affected Foxit PDF Reader that could allow remote code execution. Two of these vulnerabilities (CVE-2020-10899 and CVE-2020-10907) existed in the XFA templates. Whereas, similar flaws existed in AcroForms (CVE-2020-10900) and the resetForm method (CVE-2020-10906) of the software.
All four bugs received a CVSS score of 7.8. Explaining further about the flaws, ZDI stated,
The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process.
Likewise, ZDI also shared details of various remote code execution vulnerabilities in PhantomPDF Reader. These vulnerabilities could also allow remote code execution when triggered.
Apart from the two apps, security bugs also affected Foxit’s U3DBrowser Plugin. It’s a plugin that helps in viewing embedded 3D annotations in PDF documents.
Patches Rolled Out
Foxit has confirmed that the vulnerabilities affected Foxit PDF Reader and PhantomPDF Reader versions 9.7.1.29511 and earlier, and 3D Plugin Beta versions 9.7.1.29511 and earlier.
Consequently, vendors have patched the flaws with the release of Foxit Reader 9.7.2, Foxit PhantomPDF 9.7.2, and 3D Plugin Beta 9.7.2.29539 respectively.
Since the fixes are out, users must ensure updating their devices with the patched versions to avoid potential exploit.
The previous updates from Foxit came out in October 2019, when they patched eight different bugs in Foxit PDF Reader. Those bugs also included remote code execution vulnerabilities.
ReplyDeleteIf You Want Download Webside So, thank you.
wincracker.com
Foxit Reader Crack
WinToUSB Enterprise Crack
Gather Proxy Premium Crack
Kon-Boot Crack
Ami Broker Crack
Bitwig Studio Crack
ReplyDeleteI try to figure out if this is a problem or a blog
https://wincracker.com/
Foxit Reader Crack
You may spare and repair the problems receive or ship a report from anywhere.
ReplyDeleteFoxit Reader Crack
Kontakt Player Crack
MediaMonkey Gold Crack
Fast Video Downloader Crack
XtoCC Crack
MikroTik Crack
HitPaw Screen Recorder Crack
MATLAB R2021a Crack
Blocs Crack
I am very impressed with your post because this post is very beneficial for me and provide a new knowledge to me
ReplyDeletehttps://vstcyberpc.com/foxit-phantompdf-crack/
https://vstcyberpc.com/genesis-pro-vst-crack/
https://vstcyberpc.com/minitool-power-data-recovery/
https://vstcyberpc.com/uad-ultimate-9-bundle/
Foxit Reader Crack I am very impressed with your post because this post is very beneficial for me and provide a new knowledge to me
ReplyDeleteMy response on my own website. Appreciation is a wonderful thing...thanks for sharing kepp it up. Razer Cortex Game Booster Crack
ReplyDeleteSData Tool 256GB Crack
Total Network Inventory Crack
Foxit Reader Crack
<a