"FoxIt Patches Code Execution Flaws in PDF Tools"

Foxit Software recently rolled out a critical-severity patch to cover a dangerous remote code execution flaw in its flagship PDF Reader and PDF Editor products.  The vulnerability, which was discovered and reported by researchers at the Renmin University of China, could be exploited via rigged PDF files of web pages.  Foxit noted that the vulnerability is contained to the Windows platform and affects Foxit PDF Reader 12.0.2.12465 and earlier and the Foxit PhantomPDF - 10.1.7.37777 and earlier.  According to security researchers at HackSys Inc., the vulnerability could be exploited if a target is tricked into visiting a rigged web page or opening a malicious file.  HackSys noted that the specific flaw exists within the handling of Doc objects.  The issue results from the lack of validating the existence of an object prior to performing operations on the object.  The company noted that an attacker can leverage this vulnerability to execute code in the context of the current process.  Foxit has struggled in the past with code execution issues in its PDF-processing products, and a data breach occurred that affected more than 300,000 users. 

SecurityWeek reports: "FoxIt Patches Code Execution Flaws in PDF Tools"