Foxit Addresses Severe Flaws

With over 100 vulnerabilities to address, Foxit released patches in Foxit Reader 9.3 and Foxit PhantomPDF 9.3. Eighteen of these vulnerabilities were found on Monday and received a CVSSv3 score of 8.0, which is high severity. All of them were found in the JavaScript engine, the component responsible for executing JavaScript code. “As a feature-rich PDF reader, Foxit supports JavaScript for interactive documents and dynamic forms,” said Cisco in its post. “When executing embedded JavaScript code, a document can be closed, which frees numerous used objects, but the JavaScript can continue to execute, potentially leading to a use-after-free condition.” Four additional use-after-free flaws were found that could lead to arbitrary code execution. PDF readers have had many issues within the past week, as Adobe also addressed 47 critical vulnerabilities.