Vulnerability Details CVE-2020-14425
Foxit Reader before 10.0 allows Remote Command Execution via the app.opencPDFWebPage JavsScript API. An attacker can execute local files and bypass the security dialog.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.311
EPSS Ranking 96.5%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 6.8
References
- http://packetstormsecurity.com/files/159784/Foxit-Reader-9.7.1-Remote-Command-Execution.html
- https://www.exploit-db.com/exploits/48982
- https://www.foxitsoftware.com/support/security-bulletins.php
- http://packetstormsecurity.com/files/159784/Foxit-Reader-9.7.1-Remote-Command-Execution.html
- https://www.exploit-db.com/exploits/48982
- https://www.foxitsoftware.com/support/security-bulletins.php
Products affected by CVE-2020-14425
-
cpe:2.3:a:foxitsoftware:foxit_reader:9.7.1
-
cpe:2.3:a:foxitsoftware:foxit_reader:9.7.1.29511
-
cpe:2.3:a:foxitsoftware:foxit_reader:9.7.2.29539