Foxit PDF Reader Vulnerable to Remote Code Execution


  • Cisco discovered four remote code execution vulnerabilities in Foxit PDF Reader’s JavaScript engine.
  • The developer was immediately notified, and a fixing patch has already been released.
  • Users are advised to be careful with what PDF files they open, as this would be enough to fall victims.

Researchers from the Cisco Talos security team have discovered four remote code execution (RCE) vulnerabilities in the Foxit PDF Reader. The product is a popular freemium alternative to Adobe Reader, which enables users to view, edit, sign, and print PDF files. It has quickly captured large chunks of the market by being small and snappy, and it is currently used by millions in Windows, macOS, Android, and iOS. Thus, the vulnerabilities that have been discovered affect a large number of users and all versions below, so everyone is urged to update to 9.7.1 or later immediately.

The discovered flaws are CVE-2019-5126, CVE-2019-5131, CVE-2019-5130, and CVE-2019-5145. These are all “use-after-free” vulnerabilities in the JavaScript engine of the application. It is triggered by specially crafted documents and can result in arbitrary code execution. The only requirement is tricking the victim to open the malicious document. If the victim uses the Foxit PDF browser extension, then visiting a webpage containing the file would be enough. Remember, the “use-after-free” type of exploits are a method to access memory after it has been freed by a valid pointer, and it’s a very common memory corruption problem the consequences of which being either RCE or program crash.

So, what could the user do in order to avoid falling victim to a damaging RCE attack? First, not using any PDF reading extension on your browser would be a good idea. After all, most browsers today have an in-built tool for that. Secondly, you should avoid opening PDF files that have downloaded on your system automatically or without you doing it consciously. Thirdly, any PDF files that are attached to phishing emails should be left untouched. Finally, you should regularly update your Foxit PDF Reader software and apply any available patches as soon as they are made available.

Back in August, Foxit software announced a security incident that has resulted in the exposure of the personal data of customers. This concerned both the users who paid for a premium product (more features) and those who were using the free version but still wanted to participate in the community. Thus, if you’re on the look for alternatives, you may return to Adobe’s offering, use Google Drive to open PDFs or install the open-source “Evince” reader. Other widely-used tools are the “Sumatra PDF” (lightweight and fast), the “PDF-XChange Editor” (feature-packed), or the “Nitro PDF” (well-balanced).