Foxit Software has released patches for 8 critical vulnerabilities in Foxit PDF Reader viewing software for Windows.Exploiting vulnerabilities allows an attacker to remotely execute arbitrary code on target systems. Issues affect versions of Foxit Reader 126.96.36.19914 and earlier.
“As part of an attack, a specially crafted PDF document can cause a low memory condition that is not being processed properly, which will lead to the possibility of arbitrary code execution. To exploit the vulnerability, an attacker must trick a user into opening a malicious file or visiting a malicious website with the Foxit Reader plugin enabled”, – say Foxit Software developers.
Three other critical vulnerabilities (CVE-2019-13326, CVE-2019-13327, CVE-2019-13328) have a rating of 7.8 points out of a maximum of 10 on the CVSS scale.
In all cases, exploitation of vulnerabilities allows a remote attacker to gain access to victim systems. Problems are associated with processing fields in AcroForm objects. They arise due to the lack of verification of the existence of the object before performing operations with it. An attacker could use this vulnerability to execute code in the context of the current process.
Other vulnerabilities are associated with the processing of TIF files (CVE-2019-13329), JPG files (CVE-2019-13330, CVE-2019-13331) and XFA form templates (CVE-2019-13332).
Exploiting vulnerabilities allows an attacker to remotely execute arbitrary code, however, the victim must first visit a malicious page or open a malicious file.
Update the 3D Plugin Beta to the latest versions by following one of the instructions below.
From the “Help” tab of Foxit Reader, click on “Check for Updates” and update 3D Plugin Beta to the latest version.
Click here to download the updated version of 3D Plugin Beta for Foxit Reader from our website.
User Review( votes)