CVE-2020-14425

EUVD-2020-6564
Foxit Reader before 10.0 allows Remote Command Execution via the app.opencPDFWebPage JavsScript API. An attacker can execute local files and bypass the security dialog.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 95%
Affected Products (NVD)
VendorProductVersion
foxitsoftwarefoxit_reader
9.7.1 ≤
𝑥
< 10.0.0
𝑥
= Vulnerable software versions
References
http://packetstormsecurity.com/files/159784/Foxit-Reader-9.7.1-Remote-Command-Execution.html
https://www.exploit-db.com/exploits/48982
https://www.foxitsoftware.com/support/security-bulletins.php
http://packetstormsecurity.com/files/159784/Foxit-Reader-9.7.1-Remote-Command-Execution.html
https://www.exploit-db.com/exploits/48982
https://www.foxitsoftware.com/support/security-bulletins.php