CVE-2020-14425
Published 2020-11-02
Priority: P2 · 61 · high · 7.8 (CVSS 3.1)
CVSS 3.1 vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploit: public exploit available
EPSS: 39.43% (98.4th percentile)
Foxit Reader before 10.0 allows Remote Command Execution via the app.opencPDFWebPage JavaScript API. An attacker can execute local files and bypass the security dialog.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| foxitsoftware | foxit_reader | >= 9.7.1 < 10.0.0 | 10.0.0 |
Detection & IOCs (extracted from sources)
- Monitor PDF files invoking the JavaScript API 'app.opencPDFWebPage', which is abused to execute local files and bypass the security dialog in Foxit Reader before 10.0.
- Flag Foxit Reader processes (version 9.7.1 and the other builds before 10.0) that spawn unexpected child processes, since the vulnerability allows execution of local files via a malicious PDF's embedded JavaScript.
- The vulnerability is present in Foxit Reader versions before 10.0; version 9.7.1 is explicitly confirmed as vulnerable in the public exploit.
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| NVD | 2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
No detection rules found.
No writeups or analysis indexed.
References
- http://packetstormsecurity.com/files/159784/Foxit-Reader-9.7.1-Remote-Command-Execution.html
- https://www.exploit-db.com/exploits/48982
- https://www.foxitsoftware.com/support/security-bulletins.php