A specially crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. The reader includes Javascript support to enable dynamic documents and multimedia content, which can be viewed interactively. Talos has identified four use-after-free vulnerabilities in Foxit Reader. JavaScript support poses an additional attack surface. As a complete and feature-rich PDF reader, it supports JavaScript for interactive documents and dynamic forms. The Foxit Reader is one of the most popular PDF document readers, which aims to have feature parity with Adobe’s Acrobat Reader. Aleksandar Nikolic of Cisco Talos discovered these vulnerabilities.Ĭisco Talos recently discovered several use-after-free vulnerabilities in Foxit Reader that could lead to arbitrary code execution.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |