CVE-2020-10913

Name of the Vulnerable Software and Affected Versions Foxit PhantomPDF version 9.7.0.29478 Foxit Reader (affected versions not specified)

Description The issue is related to errors in data type conversion in the implementation of the OCRAndExportToExcel command in Foxit Reader and Foxit PhantomPDF. This can be exploited by a remote attacker to execute arbitrary code. The exploitation requires user interaction, such as visiting a malicious page or opening a malicious file. The flaw exists within the handling of the OCRAndExportToExcel command due to the lack of proper validation of user-supplied data, resulting in a type confusion condition. This allows an attacker to execute code in the context of the current process.

Recommendations For Foxit PhantomPDF version 9.7.0.29478, update to a version that fixes the type confusion issue in the OCRAndExportToExcel command handling. For Foxit Reader, at the moment, there is no information about a newer version that contains a fix for this vulnerability.