Vulnerabilities in Foxit Reader
Date: 18 August 2017
The purpose of this alert is to bring attention to two recently disclosed zero-day vulnerabilities in Foxit Reader.
Foxit Reader is a popular free PDF reader that is distributed by many websites. There are also Foxit Reader plugins for Microsoft Office programs including Word, Excel and PowerPoint. According to the security firm that discovered the vulnerabilities, the vendor has decided not to fix them because an attacker would need to bypass safe reading mode. However, this potentially leaves users exposed to high-impact vulnerabilities should a new technique arise that allows malicious actors to bypass safe reading mode.
Due to the risks that these vulnerabilities present, CCIRC recommends that system administrators restrict or limit interactions with Foxit Reader and/or make sure that safe reading mode is always activated.
Note to Readers
In support of Public Safety's mission to build a safe and resilient Canada, CCIRC's mandate is to help ensure the security and resilience of the vital non-federal government cyber systems that underpin Canada's national security, public safety and economic prosperity. As Canada's computer security incident response team, CCIRC is Canada's national coordination centre for the prevention and mitigation of, preparedness for, response to, and recovery from cyber incidents on non-federal government systems. It does this by providing authoritative advice and support, and coordinating information sharing and incident response.
Please note that CCIRC's PGP key has recently been updated.
For general information, please contact Public Safety Canada's Public Affairs division at:
Telephone: 613-944-4875 or 1-800-830-3118