Foxit PDF Reader Vulnerable to Remote Code Execution

  • Cisco discovered four remote code execution vulnerabilities in Foxit PDF Reader’s JavaScript engine.
  • The developer was immediately notified, and a fixing patch has already been released.
  • Users are advised to be careful about which PDF files they open, as opening a malicious document is enough to fall victim.

Researchers from the Cisco Talos security team have discovered four remote code execution (RCE) vulnerabilities in the Foxit PDF Reader. The product is a popular freemium alternative to Adobe Reader, which enables users to view, edit, sign, and print PDF files. It has quickly captured a large share of the market by being small and snappy, and it is currently used by millions on Windows, macOS, Android, and iOS. Thus, the vulnerabilities that have been discovered affect a large number of users and all versions below 9.7.0.29, so everyone is urged to update to 9.7.1 or later immediately.

The discovered flaws are CVE-2019-5126, CVE-2019-5131, CVE-2019-5130, and CVE-2019-5145. These are all “use-after-free” vulnerabilities in the JavaScript engine of the application. They are triggered by specially crafted documents and can result in arbitrary code execution. The only requirement is tricking the victim into opening the malicious document. If the victim uses the Foxit PDF browser extension, then visiting a webpage containing the file would be enough. Remember, a “use-after-free” bug occurs when a program keeps accessing memory through a pointer after that memory has already been freed; it is a very common memory corruption problem whose consequences are either RCE or a program crash.
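As an added illustration (not Foxit’s code, and not based on the actual flaws), the model below shows the object-lifetime pattern behind a use-after-free in a scripting engine: a script-side reference deletes a document object while the engine still holds a pointer to it, and the hardened variant uses reference counting so storage is only released when the last holder lets go. All names are hypothetical; the release of storage is quarantined (flagged rather than actually freed) so the dangling access can be detected without undefined behaviour.

```c
/* Added model of a use-after-free lifecycle; all names are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct {
    int refs;        /* reference count, used by the hardened path only */
    int freed;       /* set when storage is "released"; detects dangling access */
    char title[32];
} DocObject;

static DocObject *doc_new(const char *title) {
    DocObject *o = calloc(1, sizeof *o);
    o->refs = 1;                                 /* creator (engine) holds one ref */
    strncpy(o->title, title, sizeof o->title - 1);
    return o;
}

/* Quarantined release: like a debug allocator, keep the storage so a later
 * access through a stale pointer can be detected instead of corrupting memory. */
static void doc_release_storage(DocObject *o) { o->freed = 1; }

/* Vulnerable pattern: the script-side alias deletes the object outright while
 * the engine still holds its pointer. Returns 1 if a dangling access occurred. */
static int vulnerable_flow(void) {
    DocObject *engine_ref = doc_new("annotation");
    DocObject *script_ref = engine_ref;          /* script aliases the object */
    doc_release_storage(script_ref);             /* script deletes it */
    int uaf = engine_ref->freed;                 /* engine touches freed object */
    free(engine_ref);                            /* real cleanup of the quarantine */
    return uaf;
}

/* Hardened pattern: every holder takes a reference; storage is released only
 * when the last reference is dropped, so the engine's pointer stays valid. */
static void doc_retain(DocObject *o) { o->refs++; }
static void doc_release(DocObject *o) { if (--o->refs == 0) doc_release_storage(o); }

static int hardened_flow(void) {
    DocObject *engine_ref = doc_new("annotation"); /* refs = 1 (engine) */
    DocObject *script_ref = engine_ref;
    doc_retain(script_ref);                        /* refs = 2 (script too) */
    doc_release(script_ref);                       /* script drops: refs = 1 */
    int uaf = engine_ref->freed;                   /* object still live: 0 */
    doc_release(engine_ref);                       /* refs = 0: storage released */
    free(engine_ref);
    return uaf;
}

int main(void) {
    printf("vulnerable flow dangling access: %d\n", vulnerable_flow());
    printf("hardened flow dangling access:   %d\n", hardened_flow());
    return 0;
}
```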

So, what can users do to avoid falling victim to a damaging RCE attack? First, not using any PDF reading extension in your browser would be a good idea. After all, most browsers today have a built-in tool for that. Secondly, you should avoid opening PDF files that have been downloaded to your system automatically or without you doing it consciously. Thirdly, any PDF files attached to phishing emails should be left untouched. Finally, you should regularly update your Foxit PDF Reader software and apply any patches as soon as they are made available.

Back in August, Foxit Software announced a security incident that resulted in the exposure of customers’ personal data. This concerned both the users who paid for a premium product (more features) and those who were using the free version but still wanted to participate in the community. Thus, if you’re on the lookout for alternatives, you may return to Adobe’s offering, use Google Drive to open PDFs, or install the open-source “Evince” reader. Other widely used tools are “Sumatra PDF” (lightweight and fast), “PDF-XChange Editor” (feature-packed), and “Nitro PDF” (well-balanced).
