====================================================================
                          CERT-Renater

              Information Note No. 2017/VULN257
_____________________________________________________________________

DATE                 : 14/09/2017

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Systems running Foxit Reader versions prior to
                       8.3.2, Foxit PhantomPDF versions prior to
                       7.3.17, 8.3.2.

=====================================================================
https://www.foxitsoftware.com/support/security-bulletins.php
____________________________________________________________________

Security updates available in Foxit PhantomPDF 7.3.17

Release date: September 11, 2017
Platform: Windows

Summary

Foxit has released Foxit PhantomPDF 7.3.17, which addresses potential
security and stability issues.

Affected versions

Product            Affected versions        Platform
Foxit PhantomPDF   7.3.15.712 and earlier   Windows

Solution

Update your applications to the latest versions by following one of
the instructions below.

  - From the “Help” tab of Foxit Reader or Foxit PhantomPDF, click on
    “Check for Update” and update to the latest version.
  - Click here to download the updated version of Foxit PhantomPDF.

Vulnerability details

Brief:
  Addressed a potential issue where, when the application is not
  running in Safe-Reading-Mode, it could be exposed to a command
  injection vulnerability through abuse of the app.launchURL
  JavaScript call to execute a local program.
Acknowledgement:
  Ariele Caltabiano (kimiya) working with Trend Micro's Zero Day
  Initiative

Brief:
  Addressed a potential issue where, when the application is not
  running in Safe-Reading-Mode, it could be exposed to an Arbitrary
  File Write vulnerability through abuse of the this.saveAs function
  call to drop a file to the local file system.
Acknowledgement:
  Steven Seeley (mr_me) of Offensive Security working with Trend
  Micro's Zero Day Initiative

Brief:
  Addressed a potential issue where, when the application is not
  running in Safe-Reading-Mode, it could be exposed to an Arbitrary
  Write vulnerability through abuse of the createDataObject function
  call to create an arbitrary executable file in the local file
  system.
Acknowledgement:
  Steven Seeley (mr_me)
  Chris Evans / scarybeasts

Brief:
  Addressed a potential issue where, when the application is not
  running in Safe-Reading-Mode, it could be exposed to a command
  injection vulnerability through abuse of the xfa.host.gotoURL
  function call to open an arbitrary executable file.
Acknowledgement:
  Steven Seeley (mr_me) of Offensive Security working with Trend
  Micro's Zero Day Initiative
  Alexander Inführ

For more information, please contact the Foxit Security Response Team
at security-ml@foxitsoftware.com.
____________________________________________________________________

Security updates available in Foxit Reader 8.3.2 and Foxit PhantomPDF
8.3.2

Release date: August 26, 2017
Platform: Windows

Summary

Foxit has released Foxit Reader 8.3.2 and Foxit PhantomPDF 8.3.2,
which address potential security and stability issues.

Affected versions

Product            Affected versions        Platform
Foxit Reader       8.3.1.21155 and earlier  Windows
Foxit PhantomPDF   8.3.1.21155 and earlier  Windows

Solution

Update your applications to the latest versions by following one of
the instructions below.

  - From the “Help” tab of Foxit Reader or Foxit PhantomPDF, click on
    “Check for Updates” and update to the latest version.
  - Click here to download the updated version of Foxit Reader from
    our website.
  - Click here to download the updated version of Foxit PhantomPDF.

Vulnerability details

Brief:
  Addressed a potential issue where, when the application is not
  running in Safe-Reading-Mode, it could be exposed to a command
  injection vulnerability through abuse of the app.launchURL
  JavaScript call to execute a local program.
Acknowledgement:
  Ariele Caltabiano (kimiya) working with Trend Micro's Zero Day
  Initiative

Brief:
  Addressed a potential issue where, when the application is not
  running in Safe-Reading-Mode, it could be exposed to an Arbitrary
  File Write vulnerability through abuse of the this.saveAs function
  call to drop a file to the local file system.
Acknowledgement:
  Steven Seeley (mr_me) of Offensive Security working with Trend
  Micro's Zero Day Initiative

Brief:
  Addressed a potential issue where, when the application is not
  running in Safe-Reading-Mode, it could be exposed to an Arbitrary
  Write vulnerability through abuse of the createDataObject function
  call to create an arbitrary executable file in the local file
  system.
Acknowledgement:
  Steven Seeley (mr_me)
  Chris Evans / scarybeasts

Brief:
  Addressed a potential issue where, when the application is not
  running in Safe-Reading-Mode, it could be exposed to a command
  injection vulnerability through abuse of the xfa.host.gotoURL
  function call to open an arbitrary executable file.
Acknowledgement:
  Steven Seeley (mr_me) of Offensive Security working with Trend
  Micro's Zero Day Initiative
  Alexander Inführ

For more information, please contact the Foxit Security Response Team
at security-ml@foxitsoftware.com.

==========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44          +
+ 23 - 25 Rue Daviel  |    fax : 01-53-94-20-41          +
+ 75013 Paris         |   email: cert@support.renater.fr +
==========================================================