This script is Copyright (C) 2017 Tenable Network Security, Inc.
A PDF viewer installed on the remote Windows host is affected by
The version of Foxit Reader installed on the remote Windows host is
prior to 8.3.2. It is, therefore, affected by multiple
- A flaw exists in the app.launchURL() method allowing
a context-dependent attacker to potentially execute
arbitrary code. (CVE-2017-10951)
a context-dependent attacker to write to arbitrary
files and potentially execute arbitrary code.
- A flaw that is triggered during the handling of the
createDataObject() function calls that may allow an
attacker to create arbitrary executable files on the
local system. (OSVDB164283)
- A flaw exists that is triggered during the handling of
xfa.host.gotoURL() function calls that may allow an
attacker to execute arbitrary commands. (OSVDB164284)
See also :
Upgrade to Foxit Reader version 8.3.2 or later.
Risk factor :
High / CVSS Base Score : 7.5
CVSS Temporal Score : 5.9
Public Exploit Available : true