CVE-2011-10030

Foxit PDF Reader < 4.3.1.0218 JavaScript File Write

CVSS 8.4 HIGHEPSS 0.4%CWE-73

Vexday Risk Score

36Atenção

Decisão SSVC (CISA)

Attend

PoC disponível → acompanhar de perto

CVSS 8.4EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit simPatch referenciado

Ciclo de vida

05 mar 2011Exploit Metasploit disponível

20 ago 2025Publicada no NVD

Recomendação: Planejar correção próxima — já existe PoC pública.

Foxit PDF Reader < 4.3.1.0218 exposes a JavaScript API function, createDataObject(), that allows untrusted PDF content to write arbitrary files anywhere on disk. By embedding a malicious PDF that calls this API, an attacker can drop executables or scripts into privileged folders, leading to code execution the next time the system boots or the user logs in.

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Produtos afetados

Foxit Software · Foxit PDF Reader

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

http://scarybeastsecurity.blogspot.com/2011/03/dangerous-file-write-bug-in-foxit-pdf.html https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/foxit_reader_filewrite.rb https://scarybeastsecurity.blogspot.com/2011/03/dangerous-file-write-bug-in-foxit-pdf.html https://www.exploit-db.com/exploits/16978 https://www.foxit.com/pdf-reader/version-history.html https://www.vulncheck.com/advisories/foxit-pdf-reader-javascript-file-write