![]() ![]() Want to ask Judith Myerson a question about security? Submit your question now via email. As a partial solution, the researchers recommend users stay away from suspicious-looking phishing emails and spam, ensure safe reading mode is enabled, and uncheck Enable JavaScript Actions from Foxit's preferences, although that may break some functionality. To do this, follow these steps: Open an elevated command prompt. The attacker takes control of the victim's PC and crashes it.įoxit refused to patch the two vulnerabilities because the patches would not work with safe reading mode. The JavaScript function is triggered as the victim saves the document. The document is embedded with an HTML application file containing malicious VBScript code. In a simple scenario, the attack starts when the victim opens an email attachment that looks like a book order purchase. It looks at the saveAs JavaScript function, which enables the attacker to save a document as a new file on the victim's PC. The second of the Foxit Reader vulnerabilities - CVE-2017-10952 - is a file write issue that was found by Offensive Security researcher Steven Seeley. The function is triggered to enable the attacker to remotely gain control of the victim's PC. The attacker waits for the victim to click the attachment, which is made to look like a shipping order. The attack begins when the victim gets a phishing email that looks like it is from a legitimate website. In a simple scenario, the attacker crafts strings and injects them into the function. ![]() The function accepts any strings from any source, as it cannot properly validate them. The bug hides in applaunchURL, a JavaScript function. The first of the two Foxit Reader vulnerabilities - CVE-2017-10951 - is a command injection bug that was discovered by security researcher Ariele Caltabiano, who was working with Trend Micro's Zero Day Initiative. What are the vulnerabilities, and what should be done to mitigate them?Īttackers can exploit the two Foxit Reader vulnerabilities by bypassing the default safe reading mode the JavaScript API in Foxit Reader sets the stage for triggering them. There were recently two critical, zero-day vulnerabilities found in Foxit Reader. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |