Foxit Reader's developer has released security updates for the Windows editions of its PDF tools; the patched programs are available as the latest version. The updates remove a number of vulnerabilities, several of which would have enabled remote code execution under certain conditions.
The flaw lies in a JavaScript function that accepts strings from any source because it has no way to validate them. An attacker can therefore craft a string and pass it to the function. To do so, the attacker sends a phishing email made to look as if it came from a legitimate website and waits for the recipient to open the attachment, which is presented as an order confirmation. Through the function, the attacker can then take remote control of the victim's PC.
The attack starts when the target opens an email attachment that looks like a confirmation of a book purchase. The document contains a hidden HTML file with embedded script that is executed when the document is saved and can cause the PC to crash.
Do Not Open Every File Attachment
The researchers who found the vulnerabilities therefore recommend that all users refrain from opening suspicious-looking file attachments, enable Safe Reading Mode and disable JavaScript in the Foxit Reader settings. This does, however, limit the program's functionality.
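As an added example (not from the article, Foxit or the researchers), a Python triage check that a mail gateway or analyst could run on an attachment before anyone opens it: it flags the PDF name objects that carry JavaScript or automatic actions, the combination the attack described above relies on, and decodes PDF hex-escaped names so that a name written as /#4AavaScript is not missed. Both PDF samples are constructed for this example.

```python
import re
# Constructed sample (not from the article): a minimal PDF whose /OpenAction
# runs embedded JavaScript when the file is opened. /JavaScript is written with
# a PDF hex escape (#4A = 'J'), an obfuscation that defeats a naive grep.
SAMPLE_PDF = b"""%PDF-1.7
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj
4 0 obj << /S /#4AavaScript /JS (app.alert('order confirmation');) >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# Constructed benign sample: same structure, no actions at all.
BENIGN_PDF = b"""%PDF-1.7
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""
# PDF name objects that indicate active content or automatic triggers.
RISKY_NAMES = [b"/JavaScript", b"/JS", b"/OpenAction", b"/AA",
               b"/Launch", b"/EmbeddedFile"]

def normalise_names(data: bytes) -> bytes:
    """Decode PDF name hex escapes, e.g. /#4AavaScript -> /JavaScript."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), data)

def scan_pdf(data: bytes) -> dict:
    """Return {name: count} for each risky name found after normalisation.
    Heuristic on raw bytes, not a PDF parser: compressed object streams are not seen."""
    text = normalise_names(data)
    hits = {}
    for name in RISKY_NAMES:
        # Lookahead keeps /JS from matching the start of a longer name.
        count = len(re.findall(re.escape(name) + rb"(?![A-Za-z0-9])", text))
        if count:
            hits[name.decode()] = count
    return hits

def verdict(data: bytes) -> str:
    """Classify: JavaScript wired to /OpenAction is the auto-run-on-open pattern."""
    hits = scan_pdf(data)
    if not hits:
        return "no active content found"
    if "/OpenAction" in hits and ("/JavaScript" in hits or "/JS" in hits):
        return "suspicious: JavaScript auto-run on open"
    return "review: " + ", ".join(sorted(hits))
```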