Lucene search
Ariele Caltabiano (kimiya)ZDI-17-691HistoryAug 17, 2017 - 12:00 a.m.
(0Day) Foxit Reader launchURL Command Injection Remote Code Execution Vulnerability
2017-08-1700:00:00
Ariele Caltabiano (kimiya)
www.zerodayinitiative.com
42
0.067 Low
EPSS
Percentile
93.9%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within app.launchURL method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current process.
Related
checkpoint_advisories
checkpoint_advisories
Foxit Reader PDF Command Injection Remote Code Execution (CVE-2017-10951)
2017-08-23 00:00:00
prion
prion
Design/Logic Flaw
2017-08-29 13:29:00
cve
cve
CVE-2017-10951
2017-08-29 13:29:00
nvd
nvd
CVE-2017-10951
2017-08-29 13:29:00
cvelist
cvelist
CVE-2017-10951
2017-08-29 13:00:00
openvas
openvas
thn
thn
Two Critical Zero-Day Flaws Disclosed in Foxit PDF Reader
2017-08-17 06:46:00
nessus
nessus
Foxit PhantomPDF < 8.3.2 Multiple Vulnerabilities
2017-08-31 00:00:00
Foxit Reader < 8.3.2 Multiple Vulnerabilities
2017-08-31 00:00:00
myhack58
myhack58
threatpost
threatpost
Foxit to Fix PDF Reader Zero Days by Friday
2017-08-22 12:33:26
seebug
seebug
kaspersky
kaspersky
KLA11093 Arbitrary code execution vulnerabilities in Foxit Reader
2017-08-17 00:00:00