CVE-2017-10956

Name of the Vulnerable Software and Affected Versions Foxit Reader version 8.3.1.21155

Description This issue allows remote attackers to disclose sensitive information on vulnerable installations. User interaction is required, where the target must visit a malicious page or open a malicious file. The flaw exists within the tile index member of SOT markers due to the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated object, potentially allowing an attacker to execute code in the context of the current process when combined with other vulnerabilities.

Recommendations For Foxit Reader version 8.3.1.21155, consider disabling the handling of SOT markers or restricting the opening of files from untrusted sources until a patch is available. As a temporary workaround, avoid visiting malicious pages or opening malicious files with Foxit Reader. At the moment, there is no information about a newer version that contains a fix for this vulnerability.