Remote code execution in Foxit PDF Compressor
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2017-12892 |
| CWE-ID | CWE-426 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Foxit PDF Compressor Client/Desktop applications / Office applications |
| Vendor | Foxit Software Inc. |
Security Bulletin
This security bulletin contains one high risk vulnerability.
1) Insecure DLL loading
EUVDB-ID: #VU7993
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-12892
CWE-ID:
CWE-426 - Untrusted Search Path
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain elevated privileges.
The vulnerability exists in the application's installer package due to untrusted search path elemant. A remote attacker can place a specially crafted .dll file on a remote SBM or WebDAV share, trick the victim into opening legitimate media file and execute arbitrary code on the target system with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update to version 7.7.2.23.
Vulnerable software versionsFoxit PDF Compressor: 7.0.0.183 - 7.7.2.10
CPE2.3- cpe:2.3:a:foxit_software:foxit_pdf_compressor:7.0.0.183:*:*:*:*:*:*:*
- cpe:2.3:a:foxit_software:foxit_pdf_compressor:7.7.2.10:*:*:*:*:*:*:*
https://www.foxitsoftware.com/support/security-bulletins.php
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
