. home.aspx



18 Vulnerabilities Found in Foxit PDF Reader

October 03, 2018 / Kacy Zurkus

Eighteen vulnerabilities have been disclosed in Foxit PDF Reader, a commonly used alternative to Adobe Acrobat Reader, which is a widely used browser plugin, according to Cisco Talos. “Foxit PDF Reader is one of the most popular free tools for viewing, commenting on and editing PDF documents. Due to the popularity of the PDF file format, users gravitate towards free readers and editors as alternatives to products like Adobe Acrobat,” said Timur Kovalev, chief technology officer at Untangle. One of the vulnerabilities, TALOS-2018-0607/CVE-2018-3940, is an exploitable use-after-free flaw in the JavaScript engine that could enable remote code execution. “As a feature-rich PDF reader, Foxit supports JavaScript for interactive documents and dynamic forms. When executing embedded JavaScript code, a document can be closed, which frees numerous used objects, but the JavaScript can continue to execute, potentially leading to a user-after-free condition,” Cisco Talso rese...