#foxitpdf — Public Fediverse posts on home.social

Marcel SIneM(S)US @[email protected] · 2024-12-20 · 17:25 UTC

#FoxitPDF Editor und Reader: Attacken über präparierte PDF-Dateien möglich | Security https://www.heise.de/news/Foxit-PDF-Editor-und-Reader-Attacken-ueber-praeparierte-PDF-Dateien-moeglich-10211267.html #Foxit #Patchday

#foxitpdf #foxit #patchday

🛡 [email protected]/:~# :blinking_cursor: @[email protected] · 2024-05-16 · 08:54 UTC

Foxit PDF Reader Users Targeted by Malicious PDF Exploit

Date: May 15, 2024
CVE: CVE-2023-36033
Vulnerability Type: Remote Code Execution (RCE)
CWE: [[CWE-20]], [[CWE-78]], [[CWE-94]]
Sources: GBHackers, Checkpoint Research

Issue Summary

Researchers have identified a critical vulnerability in Foxit PDF Reader that allows attackers to execute malicious code on users' systems by exploiting a design flaw in the application's security warnings. The flaw makes it easy for attackers to trick users into approving malicious actions, leading to unauthorized access and data theft.

Technical Key Findings

The vulnerability stems from Foxit Reader's handling of security warnings, which default to an "OK" option. This flaw enables attackers to craft malicious PDFs that, when opened, prompt the user to approve actions unknowingly. Once approved, these actions can download and execute malicious code from a remote server, bypassing standard security detections.

Vulnerable Products

Foxit Reader

Impact Assessment

Exploitation of this vulnerability can lead to severe consequences, including unauthorized access to sensitive data, remote control of the affected device, and the ability to deploy various malware such as VenomRAT, Agent-Tesla, and others. This can result in data breaches, espionage, and further propagation of malware.

Patches or Workarounds

Foxit has acknowledged the issue and that it would be resolved in version 2024 3.

Tags

#FoxitPDF #CVE2023-36033 #RemoteCodeExecution #Malware #CyberSecurity #APT #VulnerabilityPatch #DataBreach