Foxit PDF Reader & Foxit PhantomPDF, the most dangerous PDF tools. Critical vulnerabilities allow hackers to spy on you

PDF readers have become one of the most exploited attack vectors in recent years. According to digital forensics services specialists, Foxit Software released some security patches to address various security flaws considered serious and affecting the Foxit PDF Reader editing and viewing platform.

Apparently, these vulnerabilities exist in versions of this software for the Windows operating system and, if exploited, would allow a remote threat actor to execute arbitrary code on the target system. Vulnerabilities have to do with Foxit Reader and Foxit PhantomPDF tools for Windows. This is a popular tool with over 500 million active users (free version only).

A report, published by the Zero Day Initiative (ZDI) vulnerability disclosure platform, mentions: “There are multiple flaws that could trigger remote code execution; all these failures must be considered critical.”

The first two flaws found in Foxit Reader (CVE-2020-10899 and CVE-2020-10907) allow remote code execution. For this, threat actors require tricking the user into visiting a page or downloading a malicious file. Both failures exist due to insufficient validation of the existence of an object before performing certain operations, as mentioned by digital forensics services specialists.

Also revealed was the presence of CVE-2020-10906, a flaw in the resetForm method within the Foxit Reader software. Because there is no verification of an object before performing certain operations, an opportunity window is created to deploy a remote code execution attack.

Regarding PhantomPDF some critical flaws were also fixed, including CVE-2020-10890 and CVE-2020-10892, which exist due to improper handling of the ConvertToPDF and CombineFiles commands. Exploiting these flaws would allow arbitrary writing of files with hacker-controlled data, digital forensics services experts said.

According to Foxit, any of the flaws described in this article can trigger remote code execution, although a potential threat actor requires user interaction to complete the attack. 

For further reports on vulnerabilities, exploits, malware variants and computer security risks you can access the website of the International Institute of Cyber Security (IICS), as well as the official platforms of technology companies.