Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506, including 1120 and 1301, does not require user confirmation before performing dangerous actions defined in a PDF file, which allows remote malicious users to execute arbitrary programs and have unspecified other impact via a crafted file, as demonstrated by the "Open/Execute a file" action.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
foxitsoftware reader 2.3 |
||
foxitsoftware reader 3.0 |