Thu. Dec 12th, 2019

Foxit PDF Reader is exposed to 8 vulnerabilities

1 min read

Researchers recently revealed that there are eight vulnerabilities in the well-known PDF software Foxit PDF Reader (Windows version), which will affect more than 475 million users. These vulnerabilities allow hackers to remotely execute code in the software but require the victim to visit a malicious website or open a malicious file.

Among them, the most serious vulnerability (CVE-2019-5031) appears in the process of interaction between the Foxit Reader and the JavaScript engine. Hackers can exploit a specially crafted PDF document to trigger a memory outage to initiate a remote code execution attack or a denial of service attack. The other three vulnerabilities (CVE-2019-13326, CVE-2019-13327, CVE-2019-13328) are located in the field processing process within the Acroform object of the software. The remaining vulnerabilities are located in the TIF file processing process (CVE-2019-13329), the processing of JPG files (CVE-2019-13330, CVE-2019-13331), and the processing of XFA form templates. Medium (CVE-2019-13332).

At present, Foxit Software has released relevant updates and urged users to install as soon as possible.

Via: threatpost