Remote Code Execution Vulnerability in Foxit PhantomPDF by Foxit Software
CVE-2021-27268

7.8HIGH

Key Information:

Vendor: Foxit
Status: PhantomPDF
Vendor: CVE Published:; 30 March 2021

What is CVE-2021-27268?

This vulnerability enables remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF, specifically version 10.1.0.37527. Exploitation is contingent upon user interaction, requiring the victim to visit a malicious website or open a compromised file. The flaw is rooted in the improper handling of U3D objects within PDF files, where the absence of validation for the existence of the object prior to operational commands can be manipulated by an attacker. This flaw poses significant risks as the code execution occurs within the context of the current user process, potentially allowing for unauthorized actions and data access.

Affected Version(s)

PhantomPDF 10.1.0.37527

References

https://www.foxitsoftware.com/support/security-bulletins.php

x_refsource_MISC

https://www.zerodayinitiative.com/advisories/ZDI-21-350/

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 30, 2021
Vulnerability Reserved
Feb 16, 2021

Credit

Mat Powell of Trend Micro Zero Day Initiative