Vladislav Mladenov

**Name of the Vulnerable Software and Affected Versions** Foxit PDF Editor and Reader versions prior to 2025.2.1 **Description** The software allows for signature spoofing through the use of Optional Content Groups (OCG). When OCGs are supported, the state property of an OCG is runtime-only and is not included in the digital signature computation. An attacker can use JavaScript or PDF triggers to change the visibility of OCG content after signing, modifying the visual content of a signed PDF without invalidating the signature. This can lead to a discrepancy between the signed content and what is displayed to the signer or verifier, potentially compromising the trustworthiness of the digital signature. **Recommendations** Update to version 2025.2.1 or later. Update to version 14.0.1 or later. Update to version 13.2.1 or later.

**Name of the Vulnerable Software and Affected Versions** Foxit PDF and Editor versions prior to 13.2 Foxit PDF and Editor 2025 versions prior to 2025.2 **Description** A specially crafted PDF document can utilize JavaScript to modify annotation content and then remove the file’s modification status through JavaScript interfaces. This bypasses digital signature verification by concealing document changes, potentially misleading users about the document’s integrity and compromising the trust associated with signed PDFs. **Recommendations** Update Foxit PDF and Editor to version 13.2 or later. Update Foxit PDF and Editor 2025 to version 2025.2 or later.

**Name of the Vulnerable Software and Affected Versions** Microsoft Office (affected versions not specified) **Description** The issue is related to errors in the representation of information by the user interface in Microsoft Office. It allows a remote attacker to conduct spoofing attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apache OpenOffice versions prior to 4.1.11 **Description** The issue is related to errors in checking signed documents, which can be exploited by a remote attacker to compromise the integrity of information. It is possible for an attacker to manipulate the timestamp of signed documents. **Recommendations** For versions prior to 4.1.11, update to version 4.1.11 to resolve the issue. As a temporary workaround, consider restricting the use of signed documents until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Apache OpenOffice versions prior to 4.1.11 **Description** The issue is related to errors in cryptographic signature verification, allowing a remote attacker to modify the content of an ODF document. It is possible for an attacker to manipulate documents to appear to be signed by a trusted source. **Recommendations** For versions prior to 4.1.11, update to version 4.1.11 to resolve the issue. As a temporary workaround, consider restricting the use of cryptographic signature verification features until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Apache OpenOffice versions 4.1.10 and earlier **Description** The issue is related to errors in cryptographic signature verification, allowing an attacker to manipulate signed documents and macros to appear as if they come from a trusted source. **Recommendations** For Apache OpenOffice versions 4.1.10 and earlier, update to version 4.1.11 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** PySAML2 versions prior to 6.5.0 **Description** The issue is related to an improper verification of cryptographic signatures, specifically a variant of XML Signature wrapping. This occurs because PySAML2 does not validate SAML documents against an XML schema, allowing invalid XML documents to be processed. Such documents can trick PySAML2 with a wrapped signature, potentially enabling a remote attacker to bypass signature verification and access protected information. All users of PySAML2 who need to validate signed SAML documents are impacted. **Recommendations** For PySAML2 versions prior to 6.5.0, upgrade to PySAML2 version 6.5.0 to resolve the issue. As a temporary workaround, consider disabling the use of signed SAML documents until the upgrade is possible. Restrict access to sensitive information that relies on SAML authentication to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Python oic versions prior to 1.2.1 **Description** The issue affects client implementations using the Python oic library, a Python OpenID Connect implementation. There are several related cryptographic issues: 1) The IdToken signature algorithm was not checked automatically, but only if the expected algorithm was passed in as a kwarg. 2) JWA `none` algorithm was allowed in all flows. 3) `oic.consumer.Consumer.parse authz` returns an unverified IdToken, with verification left to the implementator's discretion. 4) The `iat` claim was not checked for sanity, allowing it to be in the future. **Recommendations** For versions prior to 1.2.1, update to version 1.2.1 to resolve the issues. As a temporary workaround, consider disabling the use of the JWA `none` algorithm in all flows until the update is applied. Restrict access to the `oic.consumer.Consumer.parse authz` function to minimize the risk of exploitation until the update is applied. Avoid using the `iat` claim without proper sanity checks until the update is applied.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.15 **Description** An issue existed in the handling of links in encrypted PDFs, which could allow an attacker to exfiltrate the contents of an encrypted PDF. This issue was addressed by adding a confirmation prompt. **Recommendations** For versions prior to 10.15, update to macOS Catalina 10.15 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Drupal versions 6.x before 6.36 Drupal versions 7.x before 7.38 **Description** The issue allows remote attackers to log into other users' accounts by leveraging an OpenID identity from certain providers. This is demonstrated by providers such as Verisign, LiveJournal, and StackExchange. **Recommendations** For Drupal 6.x, update to version 6.36 or later. For Drupal 7.x, update to version 7.38 or later.