Two Foxit Reader RCE zero-day vulnerabilities disclosed
Posted on Aug 18, 2017 07:44 pm
Trend Micro’s Zero Day Initiative has released details about two
remote code execution zero-day flaws affecting popular freemium
PDF tool Foxit Reader. The first one (CVE-2017-10951) is a command
injection flaw that exists within the app.launchURL method, and
arises because the method accepts more than just URLs as
arguments. It does not filter file extensions, and therefore can
be nade to launch executables. It was discovered by Ariele
Caltabiano. The second one (CVE-2017-10952) is a … More →
Read in browser »
https://www.helpnetsecurity.com/2017/08/18/foxit-reader-rce-zero-day/
-- SENDER: gerald309 -- Have A Safe Computing Day! Webmaster: Malware Removal/Amateur Forensics HOME: BlueCollarPC.US [retired Summer 2016] HOME/FREE HELP SITE: https://sites.google.com/site/pcsecurityhelper/ Free Malware Removal Help / A Community Website Since 2005 RSS https://groups.google.com/forum/feed/bluecollarpcsecurity/msgs/rss.xml?num=15 YahooGroup: http://tech.groups.yahoo.com/group/BlueCollarPCSecurity Subscribe: BlueCollarPCSec...@yahoogroups.com MOBILES: https://sites.google.com/site/androidtableteers/ WordPress: http://pdamobilecafe.wordpress.com/ Alerts: pdamobilecafemobile...@yahoogroups.com RSS: https://groups.google.com/forum/feed/pdamobilecafe-mobilealerts/msgs/rss.xml?num=15