CVE-2020-14425
published 2020-11-02


Priority: P2 · 61 · high
CVSS 3.1: 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Exploit: public exploit available
EPSS: 39.43% (98.4th percentile)
Foxit Reader before 10.0 allows Remote Command Execution via the app.opencPDFWebPage JavaScript API. An attacker can execute local files and bypass the security dialog.

Affected

1 range

Vendor          Product        Version range         Fixed in
foxitsoftware   foxit_reader   >= 9.7.1 < 10.0.0     10.0.0

Detection & IOCs (extracted from sources)

Command: app.opencPDFWebPage
  • Monitor PDF files invoking the JavaScript API 'app.opencPDFWebPage', which is abused to execute local files and bypass the security dialog in Foxit Reader before 10.0.
  • Flag Foxit Reader processes (version 9.7.1 and other pre-10.0 builds) that spawn unexpected child processes, as the vulnerability allows execution of local files via the malicious PDF's embedded JavaScript.
  • The vulnerability is present in Foxit Reader versions before 10.0; version 9.7.1 is explicitly confirmed as vulnerable in the public exploit.

CVSS provenance

Source   Version   Score   Severity   Vector
nvd      v3.1      7.8     HIGH       CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd      v2.0      6.8     MEDIUM     AV:N/AC:M/Au:N/C:P/I:P/A:P