Foxit Reader before 10.0 allows Remote Command Execution via the app.opencPDFWebPage JavsScript API. An attacker can execute local files and bypass the security dialog.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Foxit_reader | Foxitsoftware | 9.7.1 (including) | 10.0.0 (excluding) |