CVE-2020-14425

Foxit Reader before 10.0 allows Remote Command Execution via the app.opencPDFWebPage JavsScript API. An attacker can execute local files and bypass the security dialog.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 96%
VendorProductVersion
foxitsoftwarefoxit_reader
9.7.1 ≤
𝑥
< 10.0.0
𝑥
= Vulnerable software versions
References
http://packetstormsecurity.com/files/159784/Foxit-Reader-9.7.1-Remote-Command-Execution.html
https://www.exploit-db.com/exploits/48982
https://www.foxitsoftware.com/support/security-bulletins.php
http://packetstormsecurity.com/files/159784/Foxit-Reader-9.7.1-Remote-Command-Execution.html
https://www.exploit-db.com/exploits/48982
https://www.foxitsoftware.com/support/security-bulletins.php