Foxit Reader < 8.3.2 Multiple Vulnerabilities
High Nessus Plugin ID 102859
SynopsisA PDF viewer installed on the remote Windows host is affected by multiple vulnerabilities.
DescriptionThe version of Foxit Reader installed on the remote Windows host is prior to 8.3.2. It is, therefore, affected by multiple vulnerabilities:
- A flaw exists in the app.launchURL() method allowing a context-dependent attacker to potentially execute arbitrary code. (CVE-2017-10951)
- A flaw that is triggered during the handling of the createDataObject() function calls that may allow an attacker to create arbitrary executable files on the local system. (OSVDB164283)
- A flaw exists that is triggered during the handling of xfa.host.gotoURL() function calls that may allow an attacker to execute arbitrary commands. (OSVDB164284)
SolutionUpgrade to Foxit Reader version 8.3.2 or later.