The following key information about the vulnerability can be obtained from the web page screenshot:

- Vulnerability name: Foxit Reader XFAScriptObject setFocus Type Confusion Remote Code Execution Vulnerability
- ID: ZDI-17-874, ZDI-CAN-5022
- CVE ID: CVE-2017-14830
- CVSS Score: 6.8; AV:N/AC:M/Au:N/C:P/I:P/A:P
- Affected vendor: Foxit
- Affected product: Reader

Details of the vulnerability are as follows:

> Vulnerability Details
>
> This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
>
> The specific flaw exists within the setFocus method of XFAScriptObject objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this to execute code in the context of the current process.

In addition, the disclosure timeline and the credit for the vulnerability report are as follows:

Disclosure Timeline

- 2017-08-08 - Vulnerability reported to vendor
- 2017-11-14 - Coordinated public release of advisory

Credit

- Steven Seeley (mr._me) of Offensive Security

Finally, there are additional details and protection measures:

Additional Details

- Foxit has issued an update to correct this vulnerability. More details can be found at: https://www.foxitsoftware.com/support/security-bulletins.php

Trend Micro Customer Protection

- Trend Micro TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID 29556. For further product information on the TippingPoint IPS: http://www.tippingpoint.com