18 Vulnerabilities Found in Foxit PDF Reader


Eighteen vulnerabilities have been disclosed in Foxit PDF Reader, a commonly used alternative to Adobe Acrobat Reader that is also distributed as a widely used browser plugin, according to Cisco Talos.

“Foxit PDF Reader is one of the most popular free tools for viewing, commenting on and editing PDF documents. Due to the popularity of the PDF file format, users gravitate towards free readers and editors as alternatives to products like Adobe Acrobat,” said Timur Kovalev, chief technology officer at Untangle.

One of the vulnerabilities, TALOS-2018-0607/CVE-2018-3940, is an exploitable use-after-free flaw in the JavaScript engine that could enable remote code execution. “As a feature-rich PDF reader, Foxit supports JavaScript for interactive documents and dynamic forms. When executing embedded JavaScript code, a document can be closed, which frees numerous used objects, but the JavaScript can continue to execute, potentially leading to a use-after-free condition,” Cisco Talos researcher Aleksandar Nikolic wrote in a blog post.
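The lifetime problem Nikolic describes (a script statement closes the document, the viewer frees the document's objects, and the rest of the script keeps running against them) is a general ownership bug, and the usual fix is also general: the script engine holds its own reference to the document for as long as the script runs, and close only marks the document closed, so later statements are refused instead of touching freed memory. The following is an added example, not Foxit's code; `Document`, `Op`, `run_script_safe` and the rest are a constructed model written for this page, and the `--unsafe` path exists only to show the vulnerable shape under AddressSanitizer.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model of a viewer document (hypothetical, not Foxit's layout). */
static int live_documents = 0;   /* how many Document objects are currently allocated */

typedef struct {
    int refcount;     /* holders: the viewer, plus any script still executing */
    int closed;       /* set by close; memory stays valid while refcount > 0 */
    int page_count;
} Document;

static Document *doc_open(int pages) {
    Document *d = calloc(1, sizeof *d);
    if (!d) abort();
    d->refcount = 1;              /* the viewer's own reference */
    d->page_count = pages;
    live_documents++;
    return d;
}

static void doc_retain(Document *d) { d->refcount++; }

/* Drops one reference; the last holder actually frees the object. */
static void doc_release(Document *d) {
    if (--d->refcount > 0) return;
    memset(d, 0xAA, sizeof *d);   /* poison so a stale read is obvious in a debugger */
    free(d);
    live_documents--;
}

/* Statements an embedded script can issue in this model. */
typedef enum { OP_READ_PAGES, OP_CLOSE_DOC } Op;

/* Hardened engine: pins the document for the whole run and checks the closed
 * flag before every statement that touches it. Returns the number of statements
 * executed; *last_pages gets the last page count read, or -1 if a read was
 * refused because the document had been closed. */
static int run_script_safe(Document *doc, const Op *ops, int n, int *last_pages) {
    int executed = 0;
    *last_pages = 0;
    doc_retain(doc);                          /* script's reference keeps memory alive */
    for (int i = 0; i < n; i++) {
        executed++;
        switch (ops[i]) {
        case OP_CLOSE_DOC:
            if (!doc->closed) {               /* viewer drops its reference once... */
                doc->closed = 1;
                doc_release(doc);             /* ...but the script's reference remains */
            }
            break;
        case OP_READ_PAGES:
            if (doc->closed) { *last_pages = -1; break; }   /* refused, not a stale read */
            *last_pages = doc->page_count;
            break;
        }
    }
    doc_release(doc);                         /* frees here if the script closed the doc */
    return executed;
}

/* Vulnerable shape, for contrast: a raw pointer with no reference, and close
 * frees immediately, so the next statement reads freed memory. Only reached
 * via "--unsafe"; build with -fsanitize=address to see the stale read reported. */
static int run_script_unsafe(Document *doc, const Op *ops, int n) {
    int pages = 0;
    for (int i = 0; i < n; i++) {
        if (ops[i] == OP_CLOSE_DOC) doc_release(doc);   /* viewer frees right away */
        else pages = doc->page_count;                   /* use-after-free after a close */
    }
    return pages;
}

typedef struct { int executed; int last_pages; int live_after; } Result;

/* Script that closes the document in the middle: the hardened engine runs all
 * three statements, refuses the final read, and frees exactly once at the end. */
static Result demo_close_mid_script(void) {
    static const Op script[] = { OP_READ_PAGES, OP_CLOSE_DOC, OP_READ_PAGES };
    Document *d = doc_open(12);
    Result r;
    r.executed = run_script_safe(d, script, 3, &r.last_pages);
    r.live_after = live_documents;            /* 0: freed by the script's final release */
    return r;
}

/* Script that never closes: the viewer still owns the document afterwards. */
static Result demo_no_close(void) {
    static const Op script[] = { OP_READ_PAGES, OP_READ_PAGES };
    Document *d = doc_open(7);
    Result r;
    r.executed = run_script_safe(d, script, 2, &r.last_pages);
    doc_release(d);                           /* normal close by the viewer */
    r.live_after = live_documents;
    return r;
}

int main(int argc, char **argv) {
    Result r = demo_close_mid_script();
    printf("safe: executed=%d last_pages=%d live_after=%d\n", r.executed, r.last_pages, r.live_after);
    if (argc > 1 && strcmp(argv[1], "--unsafe") == 0) {
        static const Op script[] = { OP_READ_PAGES, OP_CLOSE_DOC, OP_READ_PAGES };
        printf("unsafe pages=%d\n", run_script_unsafe(doc_open(12), script, 3));
    }
    return 0;
}
```

The important design point is that closing and freeing are separate events: `OP_CLOSE_DOC` only flips `closed` and drops the viewer's reference, and the object is freed when the last holder (here the script engine) releases it. Reviewing a script host for this pattern means checking that every callback that can run script code holds a reference across the call, and that every post-close access is gated on a closed check rather than on the memory happening to still be mapped.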

“These are critical vulnerabilities that could lead to code execution – meaning a hacker could create a malicious PDF that, when opened, could install malware on the device. Since Foxit PDF also offers a browser plugin, users could unknowingly activate the vulnerability by viewing the document in a web browser,” Kovalev said.

Nikolic also listed Snort rules that can be used to detect exploitation attempts, noting that the current rules are subject to change. In addition, a patch is available for the 18 disclosed vulnerabilities.

“It is critical for any person or business using the Foxit products to immediately upgrade to the newest version to ensure the vulnerabilities are patched. Browser plugins have led to hackers exploiting weaknesses in the past, so it is important users understand the risk of enabling plugins,” Kovalev added.

“Always check the credentials of the software publisher, and ensure that unnecessary plugins are uninstalled. Hackers are always looking for the weakness in a product, network or device, so ensuring your systems are up to date and businesses are proactively protecting their employees and networks from the latest threats are crucial steps to stay one step ahead.”
