Arbitrary Code Execution and Denial of Service Vulnerability in Foxit Reader and PhantomPDF

Arbitrary Code Execution and Denial of Service Vulnerability in Foxit Reader and PhantomPDF

CVE-2017-14694 · MEDIUM Severity

AV:L/AC:L/AU:N/C:P/I:P/A:P

Foxit Reader 8.3.2.25013 and earlier and Foxit PhantomPDF 8.3.2.25013 and earlier, when running in single instance mode, allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address controls Code Flow starting at tiptsf!CPenInputPanel::FinalRelease+0x000000000000002f.".

Learn more about our Web Application Penetration Testing UK.