noobcaddy.blogg.se

Is foxit reader safe













UPDATE: Since publishing this blog, a Foxit representative reached out to us with the following statement:

"Foxit Software is deeply committed to delivering secure PDF products to its customers. Our track record is strong in responding quickly in fixing vulnerabilities. We are currently working to rapidly address the two vulnerabilities reported on the Zero Day Initiative blog and will quickly deliver software improvements. In the meantime, users can help protect themselves by using the Safe Reading Mode. We apologize for our initial miscommunication when contacted about these vulnerabilities and are making changes to our procedures to mitigate the probability of it occurring again."

We are pleased to know they reversed course on these bugs. We thank the folks at Foxit for reconsidering this matter. The Foxit team have been good partners in the past, and we look forward to working with them again in future.

We recently (15 minutes ago) published two 0-day advisories for vulnerabilities in Foxit. You can read the advisories here and here. These vulnerabilities were found by Steven Seeley (mr_me) and Ariele Caltabiano (kimiya). The beauty of these vulnerabilities is their simplicity by nature, and that they are not memory corruption vulnerabilities. To be exact, they are Command Injection and File Write vulnerabilities that can be triggered through the JavaScript API in Foxit Reader. In order to trigger these vulnerabilities, an attacker would need to bypass Safe Reading Mode. Sadly, the vendor decided not to fix the vulnerabilities due to this fact and provided the following statement:

“Foxit Reader & PhantomPDF has a Safe Reading Mode which is enabled by default to control the running of JavaScript, which can effectively guard against potential vulnerabilities from unauthorized JavaScript actions.”

We disagree that this mitigation is sufficient protection from these bugs. This blog describes the vulnerabilities and how they can be used to execute code.

ZDI-CAN-4724 (CVE-2017-10951) – Foxit Reader app.launchURL command Injection:

This vulnerability was found and submitted to us by Ariele Caltabiano (kimiya). The vulnerability exists within app.launchURL. I must admit that this vulnerability made me smile when I first saw it, especially since it looked similar to a vulnerability that I found in Adobe Reader in 2015 and patched last year: ZDI-16-285.














