CVE-2020-10908

Name of the Vulnerable Software and Affected Versions Foxit PhantomPDF version 9.7.0.29478 Foxit Reader (affected versions not specified)

Description The issue is related to errors in data type conversion in the implementation of the Export command in Foxit Reader and Foxit PhantomPDF. This can be exploited by a remote attacker to execute arbitrary code. The exploitation requires user interaction, such as visiting a malicious page or opening a malicious file. The flaw exists in the handling of the Export command, specifically due to the lack of proper validation of user-supplied data, leading to a type confusion condition. This allows an attacker to execute code in the context of the current process.

Recommendations For Foxit PhantomPDF version 9.7.0.29478, consider disabling the Export command functionality until a patch is available. For Foxit Reader, at the moment, there is no information about a newer version that contains a fix for this vulnerability.