SYSTEM wrote: Two security vulnerabilities have been found in Foxit Reader, and Foxit Software has refused to fix them.
webfork wrote: Where did you get that they're refusing to fix them?

Direct quote from the security advisories I linked:
"07/20/17 - The vendor indicated this will not be fixed because this can be mitigated by Secure Mode"

And for the record, Secure Mode is enabled by default, which means that Foxit users are safe unless they disable it.
----
webfork wrote: Also, I am so very sick of PDF exploits. Why on earth is this still an issue? I *almost* get that some office Macros could cause problems but PDF? How is this a thing?

The main reason is that PDF simply contains way too many features. Both exploits here utilize JavaScript, which is very rarely needed, but a goldmine for exploits. Also, here's a beautiful quote from the hacking journal PoC||GTFO, issue 0x12, page 24:
Krzysztof Kotowicz and Gábor Molnár wrote: At this point, you might wonder why Adobe implemented rendering embedded Flash movies in a 3D scene in a PDF file displayed in a browser.