Lucene search
ZdiCVELIST:CVE-2017-10953HistoryOct 31, 2017 - 7:00 p.m.
CVE-2017-10953
2017-10-3119:00:00
CWE-78
zdi
www.cve.org
0.237 Low
EPSS
Percentile
96.6%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the gotoURL method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5030.
CNA Affected
[
{
"product": "Foxit Reader",
"vendor": "Foxit",
"versions": [
{
"status": "affected",
"version": "8.3.0.14878"
}
]
}
]Related
nvd
nvd
CVE-2017-10953
2017-10-31 19:29:00
prion
prion
Design/Logic Flaw
2017-10-31 19:29:00
cve
cve
CVE-2017-10953
2017-10-31 19:29:00
zdi
zdi
checkpoint_advisories
checkpoint_advisories
kaspersky
kaspersky
KLA11093 Arbitrary code execution vulnerabilities in Foxit Reader
2017-08-17 00:00:00
KLA11065 Multiple vulnerabilities in Foxit Reader
2017-07-04 00:00:00
openvas
openvas
Foxit Reader Multiple Vulnerabilities (Nov 2017) - Windows
2017-11-10 00:00:00