CVE-2011-10030 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Foxit PDF Reader
High CVSS: 8.4

CVE-2011-10030

Foxit PDF Reader <  4.3.1.0218 exposes a JavaScript API function, createDataObject(), that allows untrusted PDF content to write arbitrary files anywhere on disk. By embedding a malicious PDF that calls this API, an attacker can drop executables or scripts into privileged folders, leading to code execution the next time the system boots or the user logs in.
Vendor
-
Product
-
CWE
CWE-73
Yayın Tarihi
2025-08-20 16:15:36
Güncelleme
2025-08-22 18:09:17
Source Identifier
disclosure@vulncheck.com
KEV Date Added
-

Kategoriler

CWE-73 HIGH 2025

Referanslar

http://scarybeastsecurity.blogspot.com/2011/03/dangerous-file-write-bug-in-foxit-pdf.html https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/foxit_reader_filewrite.rb https://www.exploit-db.com/exploits/16978 https://www.foxit.com/pdf-reader/version-history.html https://www.vulncheck.com/advisories/foxit-pdf-reader-javascript-file-write https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/foxit_reader_filewrite.rb https://scarybeastsecurity.blogspot.com/2011/03/dangerous-file-write-bug-in-foxit-pdf.html https://www.exploit-db.com/exploits/16978