[German]FoxIt PDF Reader has two critical zero-day-vulnerabilities, that hasn’t been patched yet. Now a third party security vendor has released a micro patch to close CVE-2017-10952.
Some background information
A couple of days ago I’ve blogged within my German blog about two critical vulnerabilities within FoxIt PDF-Reader (see my German blog post Zwei kritische Sicherheitslücken im Foxit PDF Reader). These vulnerabilities allows attackers remote code execution on a target system.
Vulnerability CVE-2017-10952 is caused by a write bug and has been discovered by Steven Seeley, working for Offensive Security, see. To use this vulnerability requires a FoxIt reader not configured in Safe Reading Mode. Safe Reading Mode is the default setting. Therefore FoxIt first says they won’t patch these vulnerabilities. After some web articles reported these insides, FoxIt made a decision to close the vulnerabilities. But that hasn’t been done yet.
With a little help from third party vendors
Today ACROS Security send me a mail, due to my blog post mentioned above. They informed me, that the company has developed a micro patch to fix vulnerability CVE-2017-10952.
ACROS Security is specialized in developing such micro patches, using a so called “0patch” technology. Details about this technology may be found within https://0patch.com. 0patch technology will allow vendors to deploy microscopic patches for vulnerabilities in their products, dramatically decreasing the time between vulnerability discovery and patch application.
Ok, let’s come back to FoxIt Reader. Within this blog post, folks from ACROS Security describes CVE-2017-10952 in detail. Then a micro patch written in Assembler will be introduced. If the 0patch agent is installed on Windows, the micro patch will be applied each time, FoxIt Reader is launched.
BTW: 0patch isn’t new. In March 2017 I’ve published the German blog post Temporärer Fix für Windows GDI-Sicherheitslücke a zero-day-exploit in Windows. The 0patch initiative has developed a micro patch to close this ACROS Security zero-day-exploit in Windows.