N/A

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the exportAsFDF XFA function. The issue results from the lack of proper validation of user-supplied data, which can lead to writing arbitrary files into attacker controlled locations. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5619.

N/A

保护机制失效

Foxit Reader和PhantomPDF 输入验证漏洞

Foxit Reader for Windows是中国福昕（Foxit）软件公司的一款基于Windows平台的PDF文档阅读器。Foxit PhantomPDF for Windows是它的商业版。 基于Windows平台的Foxit Reader 9.1.0.5096及之前版本和PhantomPDF 9.1.0.5096及之前版本中的‘exportAsFDF XFA’函数存在输入验证漏洞，该漏洞源于程序没有正确地验证用户提交的数据。远程攻击者可利用该漏洞向攻击者控制的地址写入任意文件，从而在当前进程的上

N/A

N/A