Foxit PDF reader there 2 at high-risk vulnerabilities, the vendor has refused to fix? - Vulnerability warning-the black bar safety net

Use Foxit (Foxit) PDF reader’s user to pay special attention to the security researchers which discovered two serious 0day vulnerability, such as not the reader is configured in the secure read mode open file, it would let the attacker on the target computer to execute arbitrary code.
Foxit company refused to fix
The first of a 0day Vulnerability (CVE-2017-10951) is a command injection vulnerability by Trend Micro ZDI and researchers Ariele Caltabiano found together; the second vulnerability is a file writing problem (CVE-2017-10952), by Offensive Security company researcher Steven Seeley found.
The attacker can be obtained by special preparation of the PDF file to Foxit user and induce them to open the way to exploit these vulnerabilities. Foxit company refused to fix both vulnerabilities and noted that the“Foxit Reader & Want a default exists to enable the safe reading mode to control the JavaScript runs, it can effectively prevent from unauthorized JavaScript action of a potential vulnerability issue.”
Through the JavaScript API to trigger
However, the researchers believe the construction of such mitigation measures and not completely to fix these vulnerabilities, if not fix, then as long as the attacker found to bypass the safe reading mode of the method will be able to use them. The two 0day vulnerabilities are able to by Foxit reader JavaScript API is triggered.
Command code injection Vulnerability (CVE-2017-10951) is present in the app. launchURL function, due to the lack of correct authentication, the function can be performed by attacker-provided string.
File write Vulnerability (CVE-2017-10952) is present in the “saveAs” JavaScript function, which could let an attacker on the target system in any specific location to write an arbitrary file. ZDI pointed out that the“Steven by a HTA file embedded into the document, and then call the saveAS writes it to the Startup folder so when it starts to execute arbitrary VBScript code to use this vulnerability.”
Repair recommendations
Recommended that the user enable the“safe reading mode”feature, in addition, uncheck the Foxit the“Preferences”directory in the“enable JavaScript actions”option, but this may affect some of the functions of the use. The user in the open by the mail received when a file is to remain vigilant. Recently researchers found that just opening a malicious PPT file that can infect a user’s computer. Therefore, keep an eye out for phishing emails, spam and malicious attachments.