Cybersecurity specialists reported the finding of multiple vulnerabilities in Foxit PDF Reader and Foxit PDF Editor, two popular tools for viewing and editing PDF files. According to the report, the successful exploitation of these flaws would allow the deployment of all kinds of attack scenarios.
Below are brief descriptions of some of the reported flaws, in addition to their respective tracking keys and scores assigned by the Common Vulnerability Scoring System (CVSS). It should be noted that some of these flaws do not yet receive CVE tracking key.
CVE-2021-41780: A boundary error when processing files would allow threat actors to create specially crafted PDF documents, tricking victims into triggering arbitrary code execution on affected systems.
This is a high severity flaw and received a CVSS score of 7.7/10, as its successful exploitation would allow full engagement of the target system.
CVE-2021-40326: Improper verification of digital signatures on PDF files would allow hackers to create legitimate-looking malicious files in the form of a signed PDF.
This vulnerability received a CVSS score of 5.7/10.
CVE-2021-41781: A boundary error when processing PDF files would allow malicious hackers to create specially crafted documents capable of executing arbitrary code on the affected system.
This is a high severity flaw and received a CVSS score of 7.7/10 because successful exploitation could lead to total compromise of the vulnerable system.
CVE-2021-41784: A boundary error when processing PDF files would allow threat actors to create specially designed files to generate corruption in the memory of the target system and execute arbitrary code.
The vulnerability received a CVSS score of 7.7/10.
CVE-2021-41782: A boundary error when processing PDF files would allow threat actors to cause memory corruption using specially crafted PDF documents.
The flaw received a CVSS score of 7.7/10 and its successful exploitation would allow threat actors to fully compromise the affected system.
CVE-2021-41783: A boundary error when processing PDF files would allow threat actors to use specially designed documents to execute arbitrary code on affected systems.
The flaw received a score of 7.7/10.
CVE-2021-41785: A boundary error when processing PDF files would allow threat actors to use specially crafted documents to generate memory corruption of the affected system.
This flaw received a CVSS score of 7.7/10.
No CVE key: A boundary error when processing JPEG2000 images in PDF files would allow threat actors to use specially crafted documents to execute arbitrary code on the affected system.
The flaw received a CVSS score of 7.7/10.
No CVE key: A boundary error when converting PDF files would allow threat actors to create specially designed files to trigger an out-of-bounds write on the target system.
No CVE key: A format string error when the util.printf function cannot handle the format extension properly would allow threat actors to create specially designed files to access sensitive information.
This is a low severity flaw and received a CVSS score of 3.8/10.
No CVE key: A boundary condition when handling PDF files would allow remote threat actors to run specially designed PDFs to trigger out-of-bounds read errors and access memory content on the affected system.
The flaw received a CVSS score of 3.7/10.
No CVE key: A boundary condition when handling PDFs with illegal dictionary entries would allow threat actors to create specially designed PDFs to trigger a stack overflow and force a crash of affected applications.
The vulnerability received a CVSS score of 2.7/10.
According to the report, the vulnerabilities reside in all versions of the affected products:
Foxit Reader for Windows: 9.0, 9.0.0.29935, 9.0.1.1049, 9.1, 9.1.0.5096, 9.2, 9.2.0.9297, 9.3, 9.3.0.10826, 9.4, 9.4.0.16811, 9.4.1.16828, 9.5.0.20723, 9.6.0.25114, 9.7.0.29455, 9.7.1.29511, 9.7.2.29539, 10.0.0.35798, 10.0.1, 10.0.1.35811, 10.1, 10.1.0.37527, 10.1.1, 10.1.1.37576, 10.1.3.37598, 10.1.4.37651, 11.0.0.49893 & 11.0.1.49938.
Foxit PDF Editor: 9.0, 9.0.0.29935, 9.0.1.1049, 9.0.1.31049, 9.1, 9.1.0.5096, 9.2, 9.2.0.9297, 9.3, 9.3.0.10826, 9.4, 9.4.0.16811, 9.4.1.16828, 9.5.0.20723, 9.6.0.25114, 9.7.0.29478, 9.7.1.29511, 9.7.2.29539, 9.7.3.29555, 9.7.4.29600, 9.7.5.29616, 10.0.0.35798, 10.0.1, 10.0.1.35811, 10.1.0.37527, 10.1.1, 10.1.1.37576, 10.1.3.37598, 10.1.4.37651, 10.1.5.37672, 11.0.0.0510, 11.0.0.49893, 11.0.1.0719 & 11.0.1.49938.
While many of the flaws can be exploited by unauthenticated remote threat actors, no active exploitation attempts have been detected so far. However, Foxit PDF recommends users of affected applications to update as soon as possible.
To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.
