Remote Code Execution Flaw in Foxit Studio Photo by Foxit Software
CVE-2020-17424
7.8HIGH
What is CVE-2020-17424?
The vulnerability identified in Foxit Studio Photo 3.6.6.922 enables remote attackers to execute arbitrary code by exploiting a flaw in the parsing of EZI files. For exploitation, the attacker must entice the target to open a malicious file or visit a harmful webpage, which triggers improper validation of user-supplied data. This flaw allows attackers to write past the end of allocated structures, effectively executing code within the context of the current process.
Affected Version(s)
Studio Photo 3.6.6.922