Foxit Software has released patches for dozens of high-severity flaws impacting its PDF reader and editor platforms. Foxit Reader and PhantomPDF are plagued by several high-esperity flaws that, if exploited, could enable remote code execution. The most severe of the bugs, which exist on Windows versions of the software, enable a remote attacker to execute arbitrary code on vulnerable systems. The flaws stem from the handling of the ConvertToPDF command and the CombineFiles command, which allow an arbitrary file write with attacker controlled data.
Source: https://threatpost.com/foxit-pdf-reader-phantompdf-remote-code-execution/154942/