The developers of Foxit Reader and PhantomPDF have released a new version of these programs to close two vulnerabilities.
Foxit PDF Reader has two critical zero-day vulnerabilities. These vulnerabilities allow attackers to execute code remotely on a target system. Vulnerability CVE-2017-10952 is caused by a write bug and was discovered by Steven Seeley, who works for Offensive Security. Exploiting this vulnerability requires that Foxit Reader is not configured in Safe Reading Mode. Safe Reading Mode is the default setting. Therefore Foxit at first said it would not patch these vulnerabilities. After some web articles reported on this, Foxit decided to close the vulnerabilities. But that hasn’t been done yet.
A couple of days ago, a third-party vendor offered an emergency patch for one vulnerability (I’ve blogged about that in my article Third party 0patch closes FoxIt vulnerability). On August 26, 2017, the Foxit developers warned in a security bulletin that Version 220.127.116.1155 of Foxit PhantomPDF and Foxit Reader is vulnerable under Windows. They released an update for Foxit PhantomPDF and Foxit Reader to version 8.3.2 for download.