Vulnerabilities in Foxit Reader

Number: AL17-010
Date: 18 August 2017

Purpose

The purpose of this alert is to bring attention to two recently disclosed zero-day vulnerabilities in Foxit Reader.

Assessment

Through open source reporting, CCIRC has been made aware of two recently disclosed zero-day vulnerabilities in Foxit Reader software that, when exploited though the JavaScript API in Foxit Reader, can allow remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. However, user interaction is required to exploit both vulnerabilities in that the target must visit a malicious page or open a malicious file.

Foxit Reader is a popular free PDF reader that is distributed by many websites. There are also Foxit Reader plugins for Microsoft Office programs including Word, Excel and PowerPoint.

According to the security firm who has discovered the vulnerabilities, the vendor has decided to not fix the vulnerabilities because an attacker would need to bypass safe reading mode.  This potentially however leaves the user exposed to high-impact vulnerabilities should a new technique arise allowing malicious actors to bypass the safe reading mode.

Suggested Action

Due to the risks that those vulnerabilities present, CCIRC recommends that system administrators restrain or limit the interactions with Foxit Reader and/or make sure that the safe reading mode is always activated.

References:

https://www.zerodayinitiative.com/blog/2017/8/17/busting-myths-in-foxit-reader
http://www.zerodayinitiative.com/advisories/ZDI-17-691/
http://www.zerodayinitiative.com/advisories/ZDI-17-692/

Note to Readers

In support of Public Safety's mission to build a safe and resilient Canada, CCIRC's mandate is to help ensure the security and resilience of the vital non-federal government cyber systems that underpin Canada's national security, public safety and economic prosperity. As Canada's computer security incident response team, CCIRC is Canada's national coordination centre for the prevention and mitigation of, preparedness for, response to, and recovery from cyber incidents on non-federal government systems. It does this by providing authoritative advice and support, and coordinating information sharing and incident response.

Please note, CCIRC PGP key has recently been updated.
http://www.publicsafety.gc.ca/cnt/ntnl-scrt/cbr-scrt/_fl/CCIRCPublicPGPKey.txt

For general information, please contact Public Safety Canada's Public Affairs division at:

Telephone: 613-944-4875 or 1-800-830-3118
Fax: 613-998-9589
E-mail: ps.communications-communications.sp@canada.ca

Date modified: