Foxit PhantomPDF < 8.3.2 Multiple Vulnerabilities
High Nessus Plugin ID 102858
Synopsis
A PDF toolkit installed on the remote Windows host is affected by multiple vulnerabilities.
Description
According to its version, the Foxit PhantomPDF application (formerly known as Phantom) installed on the remote Windows host is prior to 8.3.2. It is, therefore, affected by multiple vulnerabilities:
- A flaw exists in the app.launchURL() method allowing a context-dependent attacker to potentially execute arbitrary code. (CVE-2017-10951)
- A flaw exists that is triggered during the handling of createDataObject() function calls that may allow an attacker to create arbitrary executable files on the local system. (OSVDB164283)
- A flaw exists that is triggered during the handling of xfa.host.gotoURL() function calls that may allow an attacker to execute arbitrary commands. (OSVDB164284)
Solution
Upgrade to Foxit PhantomPDF version 8.3.2 or later.