Announcement

Collapse
No announcement yet.

Foxit PDF Reader Vulnerable to 8 High-Severity Flaws

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Foxit PDF Reader Vulnerable to 8 High-Severity Flaws

    Eight high-severity vulnerabilities exist in the Foxit Reader tool for editing PDF files. Patches are available for eight high-severity flaws impacting the popular PDF software Foxit Reader. The bugs, which exist on Windows versions of the software, enable a remote attacker to execute arbitrary code on vulnerable systems.

    This week, Foxit Software, the company behind Foxit Reader, released the patches. While the number of Foxit Reader users is unclear, the company claimed last year it has over 475 million users of its products. More news WoodLand Daily News

    Foxit Software is urging customers to update to the latest version of its tool. “Foxit has released Foxit Reader 9.7, which addresses potential security and stability issues,” said the company in a security advisory.

    JavaScript Error
    The most severe of these flaws (CVE-2019-5031), which has a CVSS score of 8.8 out of 10.0, exists in how Foxit Reader interacts with JavaScript engine (the program that executes JavaScript code). JavaScript can be supported by Foxit Reader for interactive documents and dynamic forms. For instance, when a user opens a PDF document, it can execute JavaScript.

    However, when certain versions for the JavaScript engine (version 7.5.45 and previous versions in the V8 JavaScript engine) are used in version 9.4.1.16828 of Foxit Reader, it can result in arbitrary code execution and denial of service. That’s because in the impacted Foxit Reader version, opening the JavaScript engine results in a large amount of memory being allocated, which quickly uses up all available memory. This would usually result in an out-of-memory state being detected and the process would be terminated. However, that process does not exist in the impacted Foxit Reader.

    In an attack scenario, “a specially crafted PDF document can trigger an out-of-memory condition which isn’t handled properly, resulting in arbitrary code execution,” according to Cisco Talos, which discovered the flaw. “An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.”

    Other Flaws
    The remaining high-severity vulnerabilities in Foxit Reader were reported by Zero Day Initiative, and all have a CVSS score of 7.8 out of 10.0 on the CVSS scale, making them “high-severity.”

    In all cases, the vulnerabilities could allow a remote attacker to gain access to the victims’ systems. Foxit recommends Windows users with versions 9.6.0.25114 and earlier “upgrade to the latest version of Foxit Reader (9.7 or later), available from the Foxit Web site.”

    Three of the flaws (CVE-2019-13326,CVE-2019-13327,CVE-2019-13328) stem from issues tied to how Foxit Reader handles AcroForm Fields, which are PDF files that contain form fields, which data can be entered into.

    “The specific flaw exists within the processing of fields within Acroform objects,” said ZDI in regards to all three flaws. “The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process.”

    The remaining high-severity flaws exist in Foxit Reader’s handling of TIF files (CVE-2019-13329), JPG files (CVE-2019-13330,CVE-2019-13331) and XFA Form Templates (CVE-2019-13332). XFA stands for XML Forms Architecture, a family of proprietary XML specifications that was developed by JetForm to enhance the processing of web forms.

    The flaws allow remote attackers to execute arbitrary code on affected installations of Foxit Reader; however, they all come with a caveat: The target must first visit a malicious page or open a malicious file.

    It’s only Foxit Software’s latest security issue: In August, the company said that hundreds of thousands of accounts were affected in a data breach that compromised user names, company names and IP addresses.

    Last year, Foxit Software patched over 100 vulnerabilities in its Foxit Reader. Many of the bugs tackled by the company include a wide array of high severity remote code execution vulnerabilities.

    What are the top cyber security issues associated with privileged account access and credential governance? Experts from Thycotic will discuss during our upcoming free Threatpost webinar, “Hackers and Security Pros: Where They Agree & Disagree When It Comes to Your Privileged Access Security.” Click here to register.

  • #2
    abliburapm ,Thanks for your post.Those security vulnerabilities you mentioned should have already been fixed and we have already published announcements on our security bulletin:
    https://www.foxitsoftware.com/suppor...-bulletins.php
    Also please kindly noted that our Foxit takes pride in software security. We diligently fix and report any vulnerabilities ASAP.
    For any potential security vulnerability discovered in our latest version 9.7.1 of Foxit PhantomPDF/Foxit Reader,please help tro write to our Foxit Security team ( [email protected]). For how to report security vulnerabilities,please refer to this page:
    https://www.foxitsoftware.com/suppor...rabilities.php

    Comment

    Working...
    X