CVE-2011-10030

Foxit PDF Reader < 4.3.1.0218 JavaScript File Write

CVSS 8.4 HIGHEPSS 0.4%CWE-73

Vexday Risk Score

36Atención

Decisión SSVC (CISA)

Attend

PoC disponible → seguir de cerca

CVSS 8.4EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit simPatch referenciado

Ciclo de vida

05 mar 2011Exploit Metasploit disponible

20 ago 2025Publicada en NVD

Recomendación: Planificar corrección próxima — ya existe PoC pública.

Foxit PDF Reader < 4.3.1.0218 exposes a JavaScript API function, createDataObject(), that allows untrusted PDF content to write arbitrary files anywhere on disk. By embedding a malicious PDF that calls this API, an attacker can drop executables or scripts into privileged folders, leading to code execution the next time the system boots or the user logs in.

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Productos afectados

Foxit Software · Foxit PDF Reader

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

http://scarybeastsecurity.blogspot.com/2011/03/dangerous-file-write-bug-in-foxit-pdf.html https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/foxit_reader_filewrite.rb https://scarybeastsecurity.blogspot.com/2011/03/dangerous-file-write-bug-in-foxit-pdf.html https://www.exploit-db.com/exploits/16978 https://www.foxit.com/pdf-reader/version-history.html https://www.vulncheck.com/advisories/foxit-pdf-reader-javascript-file-write