Lucene search
ZdiCVELIST:CVE-2017-10951HistoryAug 29, 2017 - 1:00 p.m.
CVE-2017-10951
2017-08-2913:00:00
CWE-78
zdi
www.cve.org
0.067 Low
EPSS
Percentile
93.9%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within app.launchURL method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4724.
CNA Affected
[
{
"product": "Foxit Reader",
"vendor": "Zero Day Initiative",
"versions": [
{
"status": "affected",
"version": "8.3.0.14878"
}
]
}
]Related
checkpoint_advisories
checkpoint_advisories
Foxit Reader PDF Command Injection Remote Code Execution (CVE-2017-10951)
2017-08-23 00:00:00
prion
prion
Design/Logic Flaw
2017-08-29 13:29:00
cve
cve
CVE-2017-10951
2017-08-29 13:29:00
nvd
nvd
CVE-2017-10951
2017-08-29 13:29:00
zdi
zdi
openvas
openvas
myhack58
myhack58
nessus
nessus
Foxit Reader < 8.3.2 Multiple Vulnerabilities
2017-08-31 00:00:00
Foxit PhantomPDF < 8.3.2 Multiple Vulnerabilities
2017-08-31 00:00:00
thn
thn
Two Critical Zero-Day Flaws Disclosed in Foxit PDF Reader
2017-08-17 06:46:00
threatpost
threatpost
Foxit to Fix PDF Reader Zero Days by Friday
2017-08-22 12:33:26
seebug
seebug
kaspersky
kaspersky
KLA11093 Arbitrary code execution vulnerabilities in Foxit Reader
2017-08-17 00:00:00