Foxit Reader CVE-2017-10948 Use After Free Remote Code Execution Vulnerability



Foxit Reader is prone to a remote code-execution vulnerability.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application. Failed exploit attempts will likely result in denial-of-service conditions.

Foxit Reader 8.3.2.25013 and earlier are vulnerable.

Information

Bugtraq ID: 101670
Class: Boundary Condition Error
CVE: CVE-2017-10948

Remote: Yes
Local: No
Published: Nov 01 2017 12:00AM
Updated: Nov 01 2017 12:00AM
Credit: Steven Seeley.
Vulnerable:
    Foxit Reader 8.3.1
    Foxit Reader 8.2.1
    Foxit Reader 8.0.2
    Foxit Reader 8.3.2.25013
    Foxit Reader 8.3
    Foxit Reader 8.2
    Foxit Reader 8.1.4.1208
    Foxit Reader 8.1.1
    Foxit Reader 8.1.0.1013
    Foxit Reader 8.1
    Foxit Reader 8.0.5
    Foxit Reader 8.0.2.805
    Foxit Reader 8.0.0.624
    Foxit Reader 8.0


Not Vulnerable: Foxit Reader 9.0


Exploit


The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.

