Vulnerability Description
Foxit Reader before 10.0 allows Remote Command Execution via the app.opencPDFWebPage JavaScript API. An attacker can execute local files and bypass the security dialog.
CVSS Score
7.8 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Foxitsoftware | Foxit Reader | >= 9.7.1, < 10.0.0 |
References
- http://packetstormsecurity.com/files/159784/Foxit-Reader-9.7.1-Remote-Command-Ex (Exploit, Third Party Advisory, VDB Entry)
- https://www.exploit-db.com/exploits/48982 (Exploit, Third Party Advisory, VDB Entry)
- https://www.foxitsoftware.com/support/security-bulletins.php (Vendor Advisory)
FAQ
What is CVE-2020-14425?
CVE-2020-14425 is a vulnerability with a CVSS score of 7.8 (HIGH). Foxit Reader before 10.0 allows Remote Command Execution via the app.opencPDFWebPage JavaScript API. An attacker can execute local files and bypass the security dialog.
How severe is CVE-2020-14425?
CVE-2020-14425 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2020-14425?
Check the references section above for vendor advisories and patch information. Affected products include: Foxitsoftware Foxit Reader.