Vulnerability Spotlight: Foxit PDF Reader JavaScript Remote Code Execution Vulns


#1

Vulnerability Spotlight: Foxit PDF Reader JavaScript Remote Code Execution Vulns (Jul 19, 2018)

Two Use-After-Free vulnerabilities within the Foxit PDF Reader application have been disclosed by Cisco Talos. The first vulnerability, CVE-2018-3924, originates in the JavaScript engine of the Foxit application. If a threat actor invokes the “mailForm” method of the active document, arbitrary code can be executed by a threat actor. The other vulnerability, CVE-2018-3939, is a user-after-free exploitable that could result in remote code execution. This specific vulnerability is with the utilisation of “createTemplate” in an active document which also results in arbitrary code execution.

Recommendation: At the time of this writing, distribution method for the malicious PDF file has not been reported, however, it does serve as a reminder to avoid documents that request Macros to be enabled. All employees should be educated on the risk of opening attachments from unknown senders. Anti-spam and antivirus protection should be implemented and kept up-to-date with the latest version to better ensure security.

Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.