CVE-2009-0836
published 2009-03-10

CVE-2009-0836: Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506, including 1120 and 1301, does not require user confirmation before performing dangerous actions…

Priority: P2 (62) · Severity: critical
CVSS 2.0 base score: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploit: known
EPSS: 40.86% (98.5th percentile)
Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506, including 1120 and 1301, does not require user confirmation before performing dangerous actions defined in a PDF file, which allows remote attackers to execute arbitrary programs and have unspecified other impact via a crafted file, as demonstrated by the "Open/Execute a file" action.

Affected (9 ranges)

Vendor | Product | Version range | Fixed in
foxitsoftware | foxit_reader | <= 3.2.0.0303 |
foxitsoftware | foxit_reader | |
foxitsoftware | foxit_reader | |
foxitsoftware | foxit_reader | |
foxitsoftware | foxit_reader | |
foxitsoftware | foxit_reader | |
foxitsoftware | foxit_reader | |
foxitsoftware | reader | |
foxitsoftware | reader | |

Detection & IOCs (extracted from sources)

  • Detect PDF files containing a '/Type /Action /S /Launch' sequence, which can be used to execute arbitrary local programs via Foxit Reader
  • Detect PDF files containing a '/Launch /Action' sequence used to execute arbitrary programs embedded in a PDF document
  • Target is Foxit Reader build 1120; flag use of this specific build in the environment as vulnerable to authorization bypass via Open/Execute PDF actions
  • The vulnerability affects Foxit Reader before version 3.2.1.0401; the Metasploit module specifically targets build 1120. Detection should be scoped to these versions.
  • Exploitation requires no confirmation from the victim, meaning no user interaction prompt is triggered; passive/behavioral detection is necessary because the user will not see a warning dialog.
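The '/S /Launch' signature from the first two detection bullets, as an added Python example that is not part of this CVE record: it scans raw PDF bytes for Launch action dictionaries, resolves PDF name hex escapes first (so an obfuscated name such as /#4Caunch is still caught), and reports the /F target. The sample PDF fragments and the "placeholder.exe" target are constructed for the example.

```python
import re

# Constructed samples (not from the page). A minimal PDF fragment whose
# /OpenAction points at a Launch action dictionary:
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj
<< /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >>
endobj
3 0 obj
<< /Type /Action /S /Launch /F (placeholder.exe) >>
endobj
"""
# The same action with the name hex-escaped (/#4Caunch is /Launch in PDF name
# syntax), which a plain substring search for "/Launch" would miss:
SAMPLE_PDF_ESCAPED = b"<< /Type /Action /S /#4Caunch /Win << /F (placeholder.exe) >> >>"
# A benign URI action that must not be flagged:
SAMPLE_PDF_BENIGN = b"<< /Type /Action /S /URI /URI (https://example.invalid/) >>"


def normalize_names(data: bytes) -> bytes:
    """Resolve the #xx hex escapes PDF allows inside name objects."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), data)


# A dictionary that contains /S /Launch, with any PDF whitespace between tokens.
# The lazy prefix refuses to cross '>>', so an unrelated dictionary earlier in
# the file cannot absorb the match.
LAUNCH_DICT_RE = re.compile(rb"<<(?:(?!>>).)*?/S\s*/Launch\b.*?>>", re.DOTALL)
FILE_RE = re.compile(rb"/F\s*\(([^)]*)\)")


def find_launch_actions(pdf_bytes: bytes) -> list:
    """Return (offset, target) for every Launch action dictionary in the raw bytes.

    Offsets refer to the name-normalized bytes. Caveat: objects stored inside
    compressed object streams or in an encrypted PDF are not visible to a raw
    scan; decode those streams first (e.g. with a PDF parsing library).
    """
    data = normalize_names(pdf_bytes)
    hits = []
    for m in LAUNCH_DICT_RE.finditer(data):
        target = FILE_RE.search(m.group(0))
        hits.append((m.start(), target.group(1).decode("latin-1") if target else None))
    return hits


if __name__ == "__main__":
    for label, sample in [("launch", SAMPLE_PDF), ("escaped", SAMPLE_PDF_ESCAPED),
                          ("benign", SAMPLE_PDF_BENIGN)]:
        print(label, find_launch_actions(sample))
```

Because the vulnerable builds show no confirmation dialog, a hit on an /OpenAction or page-level Launch action is worth an alert on its own; combine it with the affected-build inventory from the bullets above to prioritise.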