

FoxitPDF Reader won't patch!
Posted on: 21 Aug 2017 

Posted By: ITWiser Webmaster



The Zero Day Initiative (ZDI) has reported that FoxitPDF Reader has some vulnerabilities that remain unfixed, mainly because the vendor is resisting patching. Last week the ZDI decided that it needed to go public about the vulnerabilities in FoxitPDF Reader. The vulnerabilities are CVE-2017-10951 and CVE-2017-10952; the ZDI believes releasing them was warranted so that at least some of the 400 million users could protect themselves from harm.

There is a workaround for these issues: use the software’s secure mode when opening files. This is something users might skip when opening a document in the normal way.

CVE-2017-10951 is a vulnerability that allows the app.launchURL method to run a system call from a user-supplied string with insufficient validation.

CVE-2017-10952 is a vulnerability in which the “saveas” JavaScript function doesn’t validate what the user supplies, which lets an attacker write files into an attacker-controlled location.
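
For triaging PDFs that reach users while no patch exists, the following added example (not from the original post or from the ZDI) flags files whose embedded JavaScript references the two API names above. It is a heuristic that assumes scripts sit in plain or FlateDecode streams, so other encodings will be missed; the function names and the sample bytes are constructed for illustration.

```python
import re
import zlib

# API names from the two advisories; matched case-insensitively for triage.
RISKY_CALLS = (b"app.launchURL", b"saveAs")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)


def _inflate(data):
    """Best-effort FlateDecode; returns b'' if the stream is not zlib data."""
    try:
        # decompressobj tolerates the EOL bytes left before 'endstream'.
        return zlib.decompressobj().decompress(data)
    except zlib.error:
        return b""


def find_risky_calls(pdf_bytes):
    """Return the set of risky JavaScript API names referenced in a PDF."""
    blobs = [pdf_bytes]
    blobs += [_inflate(m.group(1)) for m in STREAM_RE.finditer(pdf_bytes)]
    hits = set()
    for blob in blobs:
        # Second view drops NUL bytes so UTF-16 encoded script text matches too.
        for view in (blob, blob.replace(b"\x00", b"")):
            lowered = view.lower()
            hits.update(n.decode() for n in RISKY_CALLS if n.lower() in lowered)
    return hits


# Constructed sample: a PDF-like fragment with one compressed script stream.
_JS = b'app.launchURL("https://example.com/help", true);'
CONSTRUCTED_SAMPLE = (
    b"%PDF-1.7\n1 0 obj\n<< /Filter /FlateDecode >>\nstream\n"
    + zlib.compress(_JS)
    + b"\nendstream\nendobj\n"
)

if __name__ == "__main__":
    print(sorted(find_risky_calls(CONSTRUCTED_SAMPLE)))
```

A hit means the document should be opened only in the reader's secure mode or held for review; an empty result does not prove the file is free of script.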

ITWiser offer a wide range of services and solutions that can help prevent issues like this from affecting you and your business. We offer internal and external security audits, which are designed to highlight issues inside and outside your network. For more information on these or on any of our other services, please get in touch today.

The Register