Endpoint Vulnerability

Security updates available in Foxit Reader 9.7.2 and Foxit PhantomPDF 9.7.2


Addressed potential issues where the application could be exposed to Type Confusion or Arbitrary File Write Remote Code Execution vulnerability and crash. This occurs during the handling of app.opencPDFWebPage JavaScript due to the lack of proper validation of parameters in socket message (ZDI-CAN-9828/ZDI-CAN-9829/ZDI-CAN-9830/ZDI-CAN-9831/ZDI-CAN-9865/ZDI-CAN-9942/ZDI-CAN-9943/ZDI-CAN-9944/ZDI-CAN-9945/ZDI-CAN-9946)

Affected Products

Foxit Reader