Foxit Reader contains multiple security flaws that can lead to remote code execution
Cisco Talos announced five security flaws in Foxit PDF Reader on Thursday. Four of them have a CVSS 3.0 score of 8.8, which classifies them as high-risk vulnerabilities.
Foxit PDF Reader is a free PDF document viewer, popular worldwide, for viewing, creating, editing and printing PDF files. Its interface follows the design style of Microsoft Office and gives users a similar experience.
Generally speaking, Foxit PDF Reader is a good choice for users who are not accustomed to Adobe Acrobat Reader. It is also widely used as a browser plug-in, which lets users view PDF documents directly in web pages.
CVE-2017-14458
CVSS: 8.8
Affected version: Foxit PDF Reader 8.3.2.25013
Vulnerability description:
This vulnerability exists in Foxit Reader’s JavaScript engine, which handles interactive documents and dynamic forms. A specially crafted PDF document can cause a previously freed object in memory to be reused (use-after-free), resulting in arbitrary code execution.
CVE-2018-3842
CVSS: 8.8
Affected version: Foxit PDF Reader 9.0.1.1049
Vulnerability description:
This vulnerability also exists in Foxit Reader’s JavaScript engine and is caused by an uninitialized pointer. A specially crafted PDF document can cause the uninitialized pointer to be dereferenced. If the attacker controls the pointer, this may result in arbitrary code execution.
CVE-2018-3843
CVSS: 6.5
Affected version: Foxit PDF Reader 9.0.1.1049
Vulnerability description:
A type confusion vulnerability exists in the way Foxit PDF Reader version 9.0.1.1049 parses files with associated file annotations. A specially crafted PDF document may cause an object of an invalid type to be dereferenced, which may disclose sensitive memory and may result in arbitrary code execution.
CVE-2018-3850
CVSS: 8.8
Affected version: Foxit PDF Reader 9.0.1.1049
Vulnerability description:
An exploitable use-after-free vulnerability exists in the Foxit Reader JavaScript engine. This particular vulnerability lies in the “this.xfa.clone()” method, which results in a use-after-free condition. A specially crafted PDF document can cause a previously freed object in memory to be reused, resulting in disclosure of sensitive memory or potentially arbitrary code execution.
CVE-2018-3853
CVSS: 8.8
Affected version: Foxit PDF Reader 9.0.1.1049
Vulnerability description:
This vulnerability lies in the combination of the “createTemplate” and “closeDoc” methods of Foxit Reader’s JavaScript functionality. A specially crafted PDF document can cause a previously freed object in memory to be reused, resulting in disclosure of sensitive memory or potentially arbitrary code execution.
The Talos team stated that to trigger these vulnerabilities, an attacker only needs to trick a victim into opening a specially crafted malicious PDF file. If the victim has enabled the browser plug-in, the attacker can also trigger the vulnerabilities by luring the victim to a malicious website under the attacker’s control.
After receiving the report from the Talos team, Foxit fixed all of the vulnerabilities in the latest release. We therefore recommend that users of Foxit Reader update to the latest version as soon as possible.
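Most of the flaws above sit in the JavaScript engine, so a defender can triage incoming PDFs by checking whether they carry active content at all. The following Python sketch is an added example, not code from Talos or Foxit: it counts the PDF name tokens for JavaScript, auto-run actions and XFA forms, plus the API names mentioned in the descriptions above, looking inside Flate-compressed streams as well. The key list, function names and sample bytes are constructed for illustration; a hit means the file deserves review, not that it exploits these CVEs.

```python
import re
import zlib

# PDF name tokens that mark active content (JavaScript, auto-run actions, XFA forms).
ACTIVE_KEYS = (b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/XFA")
# JavaScript API names taken from the advisory descriptions above.
API_NAMES = (b"xfa.clone", b"createTemplate", b"closeDoc")

STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\n?endstream", re.DOTALL)
HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def split_pdf(data):
    """Return (file structure without stream bodies, decoded stream bodies)."""
    streams = []

    def grab(match):
        raw = match.group(1)
        try:
            streams.append(zlib.decompressobj().decompress(raw))
        except zlib.error:
            streams.append(raw)  # not Flate-encoded: scan the bytes as stored
        return b"stream\nendstream"

    return STREAM_RE.sub(grab, data), streams


def triage_pdf(data):
    """Count active-content keys and advisory API names in a PDF's bytes."""
    structure, streams = split_pdf(data)
    # Names may hide behind #xx escapes (/J#53 is /JS), so decode them first.
    decode = lambda m: bytes([int(m.group(1), 16)])
    bodies = [HEX_ESCAPE_RE.sub(decode, structure)] + streams
    report = {}
    for key in ACTIVE_KEYS:
        # A name ends at a delimiter, so /JS must not match /JSFoo.
        pattern = re.compile(re.escape(key) + rb"(?![A-Za-z0-9])")
        report[key.decode()] = sum(len(pattern.findall(b)) for b in bodies)
    for name in API_NAMES:
        report[name.decode()] = sum(b.count(name) for b in bodies)
    return report


def build_sample():
    """Constructed, harmless PDF fragment: one compressed script, one benign call."""
    js = zlib.compress(b"this.closeDoc(true); // constructed sample")
    return (b"%PDF-1.7\n1 0 obj\n<< /OpenAction 2 0 R >>\nendobj\n"
            b"2 0 obj\n<< /S /J#61vaScript /JS 3 0 R >>\nendobj\n"
            b"3 0 obj\n<< /Filter /FlateDecode >>\nstream\n" + js +
            b"\nendstream\nendobj\n%%EOF\n")
```

Calling `triage_pdf(build_sample())` reports one `/OpenAction`, one `/JavaScript` (written with a hex escape in the sample), one `/JS` and one `closeDoc`. Encrypted files and streams that use filters other than Flate are not decoded by this sketch, so a clean report on such a file is not conclusive.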