Experts found two critical zero-day flaws in the Foxit PDF Reader that could be exploited by attackers to execute arbitrary code on a targeted computer. The attack scenarios for both vulnerabilities see attackers send a specially crafted PDF file to a Foxit user and tricking him into opening it. The second vulnerability, tracked as CVE-2017-10952, is a file write flaw that affects the saveAs JavaScript function. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call.”]
Source: http://securityaffairs.co/wordpress/62241/hacking/foxit-pdf-reader-zero-day.html

