Two Foxit Reader RCE zero-day vulnerabilities disclosed

[Gerald309]

Two Foxit Reader RCE zero-day vulnerabilities disclosed
Posted on Aug 18, 2017 07:44 pm
Trend Micro’s Zero Day Initiative has released details about two remote code execution zero-day flaws affecting popular freemium PDF tool Foxit Reader. The first one (CVE-2017-10951) is a command injection flaw that exists within the app.launchURL method, and arises because the method accepts more than just URLs as arguments. It does not filter file extensions, and therefore can be nade to launch executables. It was discovered by Ariele Caltabiano. The second one (CVE-2017-10952) is a … More →
Read in browser »  https://www.helpnetsecurity.com/2017/08/18/foxit-reader-rce-zero-day/

-- 
SENDER: gerald309 -- 
Have A Safe Computing Day!
Webmaster: Malware Removal/Amateur Forensics
HOME: BlueCollarPC.US [retired Summer 2016]
HOME/FREE HELP SITE: https://sites.google.com/site/pcsecurityhelper/
Free Malware Removal Help / A Community Website Since 2005 
RSS https://groups.google.com/forum/feed/bluecollarpcsecurity/msgs/rss.xml?num=15
YahooGroup: http://tech.groups.yahoo.com/group/BlueCollarPCSecurity
Subscribe: BlueCollarPCSec...@yahoogroups.com
MOBILES: https://sites.google.com/site/androidtableteers/
WordPress: http://pdamobilecafe.wordpress.com/ 
Alerts: pdamobilecafemobile...@yahoogroups.com 
RSS: https://groups.google.com/forum/feed/pdamobilecafe-mobilealerts/msgs/rss.xml?num=15