The Zero Day Initiative (ZDI) has gone public with Foxit PDF Reader vulnerabilities that have no fix, because the vendor resisted patching.
The ZDI made the decision last week that the two vulns, CVE-2017-10951 and CVE-2017-10952, warranted release so at least some of Foxit's 400 million users could protect themselves.
In both cases, the only chance at mitigation is to use the software's "Secure Mode" when opening files, something that users might skip in normal circumstances.
Foxit PDF Reader users need to use Safe Mode as 0-day vulnerabilities don't get fixed
Posted on Monday, August 21 2017 @ 13:23 CEST by Thomas De Maesschalck