CyberSecurityBoard
Sponsor Register Login

PDF Exploitation Targets Foxit Reader Users

Cybersecurity researchers have unveiled a concerning trend in PDF exploitation, particularly targeting users of Foxit Reader.
Despite Adobe Acrobat Reader's dominance in the market, Foxit Reader has emerged as a significant player, boasting over 700 million users worldwide, including major customers in both government and technology sectors.
Check Point Research has detected a distinct pattern of PDF exploitation aimed at Foxit Reader users, with variants actively utilized in real-world scenarios.
According to an advisory published on Tuesday, the exploit's low detection rate is attributed to the widespread use of Adobe Reader in most security solutions, leaving Foxit vulnerable.
NET and Python, have been employed to deploy the malware.
Notably, campaigns utilizing this exploit have been observed sharing malicious PDF files through unconventional channels such as Facebook.
The research uncovered a flaw in Foxit Reader's design, where users are presented with default options that could inadvertently lead to the execution of malicious commands.
Exploitation occurs when users agree to these default options without fully comprehending the associated risks, highlighting the intersection of flawed software design and common human behavior.
Further analysis revealed multiple instances of campaigns leveraging this exploit, ranging from espionage-focused attacks targeting military personnel to broader e-crime operations.
These campaigns demonstrated sophisticated attack chains and utilized a variety of malicious tools and malware families, including VenomRAT, Agent-Tesla and Remcos, among others.
In response to these findings, CPR has notified Foxit Reader, which has acknowledged the issue and committed to resolving it in the forthcoming 2024 3 version.
This research underscores the importance of maintaining vigilance against evolving threats, implementing timely software updates and fostering cybersecurity awareness among employees.


This Cyber News was published on www.infosecurity-magazine.com. Publication date: Wed, 15 May 2024 16:15:11 +0000


Cyber News related to PDF Exploitation Targets Foxit Reader Users

PDF Exploitation Targets Foxit Reader Users - Cybersecurity researchers have unveiled a concerning trend in PDF exploitation, particularly targeting users of Foxit Reader. Despite Adobe Acrobat Reader's dominance in the market, Foxit Reader has emerged as a significant player, boasting over 700 ...
4 months ago Infosecurity-magazine.com
How Attackers Distribute Malware to Foxit PDF Reader Users - Threat actors are exploiting a vulnerability in Foxit PDF Reader's alert system to deliver malware through booby-trapped PDF documents, according to researchers at Check Point. The researchers have identified several campaigns targeting Foxit Reader ...
4 months ago Cysecurity.news
Remote code execution vulnerabilities found in Buildroot, Foxit PDF Reader - Cisco Talos has disclosed 10 vulnerabilities over the past two weeks, including nine that exist in a popular online PDF reader that offers a browser plugin. Attackers could exploit these vulnerabilities in the Foxit PDF Reader to carry out a variety ...
9 months ago Blog.talosintelligence.com
CVE-2018-18689 - The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, a Signature Wrapping vulnerability exists in multiple products. An attacker can use ...
3 years ago
CVE-2009-2993 - The JavaScript for Acrobat API in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 does not properly implement the (1) Privileged Context and (2) Safe Path restrictions for unspecified JavaScript methods, which allows ...
5 years ago
CVE-2009-2988 - Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which allows attackers to cause a denial of service via unspecified vectors. Per: ...
5 years ago
CVE-2009-2998 - Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-3458. Per: ...
5 years ago
CVE-2009-2986 - Multiple heap-based buffer overflows in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 might allow attackers to execute arbitrary code via unspecified vectors. Per: ...
5 years ago
CVE-2009-2981 - Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to bypass intended Trust Manager restrictions via unspecified vectors. Per: ...
5 years ago
CVE-2009-3458 - Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-2998. Per: ...
5 years ago
CVE-2009-2990 - Array index error in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 might allow attackers to execute arbitrary code via unspecified vectors. Per: ...
5 years ago
CVE-2009-2980 - Integer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors. Per: ...
5 years ago
CVE-2009-2997 - Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 might allow attackers to execute arbitrary code via unspecified vectors. Per: ...
5 years ago
CVE-2009-2992 - An unspecified ActiveX control in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 does not properly validate input, which allows attackers to cause a denial of service via unknown vectors. Per: ...
5 years ago
CVE-2009-2996 - Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-2985. ...
5 years ago
CVE-2009-2982 - An unspecified certificate in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 might allow remote attackers to conduct a "social engineering attack" via unknown vectors. Per: ...
5 years ago
CVE-2009-2991 - Unspecified vulnerability in the Mozilla plug-in in Adobe Reader and Acrobat 8.x before 8.1.7, and possibly 7.x before 7.1.4 and 9.x before 9.2, might allow remote attackers to execute arbitrary code via unknown vectors. Per: ...
5 years ago
CVE-2009-2985 - Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-2996. ...
5 years ago
CVE-2009-2979 - Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 do not properly perform XMP-XML entity expansion, which allows remote attackers to cause a denial of service via a crafted document. Per: ...
5 years ago
CVE-2009-2983 - Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors. Per: ...
5 years ago
CVE-2009-2994 - Buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 might allow attackers to execute arbitrary code via unspecified vectors. Per: http://www.adobe.com/support/security/bulletins/apsb09-15.html ...
5 years ago
CVE-2021-31340 - A vulnerability has been identified in SIMATIC RF166C (All versions > V1.1 and < V1.3.2), SIMATIC RF185C (All versions > V1.1 and < V1.3.2), SIMATIC RF186C (All versions > V1.1 and < V1.3.2), SIMATIC RF186CI (All versions > V1.1 ...
1 year ago
CVE-2024-37995 - A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions ...
1 week ago
CVE-2024-37994 - A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions ...
1 week ago
CVE-2024-37993 - A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions ...
1 week ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)