
Foxit Reader vulnerabilities: What can be done to mitigate them?

Two critical, zero-day Foxit Reader vulnerabilities haven't been patched and pose a threat to enterprises. Judith Myerson explains the vulnerabilities and how to mitigate them.

My company uses Foxit Reader to track who opens a PDF document and what they do, and to notify readers of new updates....

There were recently two critical, zero-day vulnerabilities found in Foxit Reader. What are the vulnerabilities, and what should be done to mitigate them?

Attackers can exploit the two Foxit Reader vulnerabilities by bypassing the default safe reading mode; the JavaScript API in Foxit Reader sets the stage for triggering them.

The first of the two Foxit Reader vulnerabilities -- CVE-2017-10951 -- is a command injection bug that was discovered by security researcher Ariele Caltabiano, who was working with Trend Micro's Zero Day Initiative.

The bug hides in app.launchURL, a JavaScript function. The function does not properly validate the strings passed to it, so it accepts any string from any source. In a simple scenario, the attacker crafts strings and injects them into the function. The attack begins when the victim gets a phishing email that looks like it is from a legitimate website. The attacker waits for the victim to click the attachment, which is made to look like a shipping order. The function is then triggered, enabling the attacker to remotely gain control of the victim's PC.

The second of the Foxit Reader vulnerabilities -- CVE-2017-10952 -- is a file write issue that was found by Offensive Security researcher Steven Seeley. It affects the saveAs JavaScript function, which enables the attacker to save a document as a new file on the victim's PC.

In a simple scenario, the attack starts when the victim opens an email attachment that looks like a book order purchase. The document is embedded with an HTML application file containing malicious VBScript code. The JavaScript function is triggered as the victim saves the document. The attacker takes control of the victim's PC and crashes it.

Foxit refused to patch the two vulnerabilities because the patches would not work with safe reading mode. As a partial solution, the researchers recommend users stay away from suspicious-looking phishing emails and spam, ensure safe reading mode is enabled, and uncheck Enable JavaScript Actions from Foxit's preferences, although that may break some functionality.
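Because both bugs are reached through JavaScript embedded in the PDF, a mail gateway or responder can triage attachments for script actions and for the two API names discussed above. The following is an added example, not code from the original article or from Foxit; the function names and the sample PDF bytes are constructed for illustration, and it is a byte-level heuristic rather than a full PDF parser:

```python
import re
import zlib

# PDF names that mark script or auto-run actions, and the two API names from this page.
ACTION_NAMES = (b"/JavaScript", b"/JS", b"/OpenAction", b"/AA")
API_CALLS = (b"app.launchURL", b"saveAs")

def decode_names(data: bytes) -> bytes:
    """Undo #xx hex escapes in PDF names, e.g. /J#61vaScript -> /JavaScript."""
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), data)

def inflate_streams(data: bytes) -> bytes:
    """Concatenate the contents of every stream that inflates as zlib (FlateDecode)."""
    out = []
    for m in re.finditer(rb"stream\r?\n(.*?)endstream", data, re.DOTALL):
        try:
            # decompressobj ignores the end-of-line bytes that trail the compressed data
            out.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            pass  # not Flate data; the raw bytes are still searched below
    return b"\n".join(out)

def triage_pdf(data: bytes) -> dict:
    """Report which action names and which of the two API names a PDF contains."""
    names = decode_names(data)
    haystack = data + b"\n" + inflate_streams(data)
    return {
        "actions": sorted(n.decode() for n in ACTION_NAMES
                          if re.search(re.escape(n) + rb"(?![A-Za-z])", names)),
        "api_calls": sorted(c.decode() for c in API_CALLS if c in haystack),
    }

def sample_pdf() -> bytes:
    """Constructed sample: an OpenAction script whose body sits in a Flate stream."""
    script = b'app.launchURL("https://example.invalid/constructed");'
    return (b"%PDF-1.7\n1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"
            b"2 0 obj << /S /J#61vaScript /JS 3 0 R >> endobj\n"
            b"3 0 obj << /Filter /FlateDecode >>\nstream\n" + zlib.compress(script) +
            b"\nendstream endobj\n%%EOF\n")

if __name__ == "__main__":
    print(triage_pdf(sample_pdf()))
```

A hit on either API name inside a document that also carries /OpenAction or /AA is a reason to quarantine the attachment for review; scripts hidden in object streams or behind other filters will not be seen by this check.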


This was last published in October 2017
