4 matches found
Foxit Reader Multiple Vulnerabilities (Nov 2017) - Windows
Foxit Reader is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:foxitsoftware:reader";...
CVE-2017-10953
CVE-2017-10953 affects Foxit Reader (up to 8.3.1.21155). The flaw is in the gotoURL method, where an unvalidated user-supplied string is used to perform a system call, enabling remote code execution. Exploitation requires user interaction (victim opens a malicious file or visits a crafted page). ...
Foxit Reader and PhantonPDF XFA gotoURL Command Injection (CVE-2017-10953; CVE-2019-8160)
A command injection vulnerability exists in the XFA component of Foxit Reader and PhantomPDF. This vulnerability is due to improper handling of user-supplied string for the gotoURL function call. A remote attacker could exploit this vulnerability by enticing a victim user to visit a malicious web...
KLA11093 Arbitrary code execution vulnerabilities in Foxit Reader
Multiple serious vulnerabilities have been found in Foxit Reader and Foxit PhantomPDF. Malicious users can exploit these vulnerabilities to execute arbitrary code. Below is a complete list of vulnerabilities: 1. An improper validation of user-supplied data in the saveAs Java script function can b...