controlwhe.blogg.se

Disable foxit reader startup








Trend Micro’s Zero Day Initiative has released details about two remote code execution zero-day flaws affecting popular freemium PDF tool Foxit Reader.

The first one (CVE-2017-10951) is a command injection flaw that exists within the app.launchURL method, and arises because the method accepts more than just URLs as arguments. It does not filter file extensions, and therefore can be made to launch executables.

The second one (CVE-2017-10952) is an arbitrary file write flaw that exists within the saveAs JavaScript function. “SaveAs does not properly check the path it is given to write to,” ZDI security researcher Abdul-Aziz Hariri explained. It also does not check the file extension. Steven Seeley, the researcher who flagged the flaw, “exploited this vulnerability by embedding an HTA file in the document, then calling saveAS to write it to the startup folder, thus executing arbitrary vbscript code on startup.”

Both vulnerabilities require user interaction to be exploited, e.g. the target must visit a malicious page or open a malicious file.

Also, both vulnerabilities can be exploited only if the application’s Safe Reading Mode is disabled.

Foxit Software were apprised of the discovery, but said they would not implement additional protection against exploitation. “Foxit Reader & PhantomPDF has a Safe Reading Mode which is enabled by default to control the running of JavaScript, which can effectively guard against potential vulnerabilities from unauthorized JavaScript actions,” they commented.
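As an added illustration (not Foxit's code and not taken from the ZDI advisories), the Python sketch below shows the kind of argument checks the two flaw descriptions say were missing: a scheme allow-list for a launchURL-style call, and path containment plus an extension allow-list for a saveAs-style call. The function names, the allow-lists and the sample paths are assumptions made for this example.

```python
import ntpath
from urllib.parse import urlsplit

# Assumed policy for this sketch (not Foxit's): web links only, PDF output only.
ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_SAVE_EXTS = {".pdf"}


def is_safe_launch_url(arg: str) -> bool:
    """Accept only http(s) URLs with a host; local paths, file: URLs and
    bare program names are refused."""
    try:
        parts = urlsplit(arg.strip())
        return parts.scheme.lower() in ALLOWED_SCHEMES and bool(parts.hostname)
    except ValueError:  # malformed authority, e.g. an unclosed IPv6 bracket
        return False


def is_safe_save_path(target: str, allowed_root: str) -> bool:
    """Accept a Windows path only if it is absolute, stays inside
    allowed_root after normalisation, and ends in an allowed extension."""
    if not ntpath.isabs(target):
        return False
    norm = ntpath.normcase(ntpath.normpath(target))
    root = ntpath.normcase(ntpath.normpath(allowed_root))
    if ":" in ntpath.splitdrive(norm)[1]:  # NTFS alternate data stream syntax
        return False
    try:
        inside = ntpath.commonpath([norm, root]) == root
    except ValueError:  # different drives
        return False
    return inside and ntpath.splitext(norm)[1] in ALLOWED_SAVE_EXTS


if __name__ == "__main__":
    # Constructed sample inputs; the user name and folders are made up.
    root = r"C:\Users\alice\Documents"
    startup = r"\..\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
    for url in ("https://example.com/manual.pdf",
                r"C:\Windows\System32\calc.exe",
                "file:///C:/Windows/System32/calc.exe"):
        print("launch", is_safe_launch_url(url), url)
    for dest in (root + r"\report.pdf",
                 root + startup + r"\update.hta",
                 root + r"\notes.hta"):
        print("save  ", is_safe_save_path(dest, root), dest)
```

The traversal case is rejected by the containment check alone, and the `.hta` inside the allowed folder is rejected by the extension check alone, which is why both are needed.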









