CVE-2011-10030External Control of File Name or Path in Software Foxit PDF Reader

CWE-73External Control of File Name or Path3 documents3 sources
Severity
8.4HIGHNVD
EPSS
3.0%
top 13.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Foxit Software Foxit PDF Reader
Timeline
PublishedAug 20

Description

Foxit PDF Reader < 4.3.1.0218 exposes a JavaScript API function, createDataObject(), that allows untrusted PDF content to write arbitrary files anywhere on disk. By embedding a malicious PDF that calls this API, an attacker can drop executables or scripts into privileged folders, leading to code execution the next time the system boots or the user logs in.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages1 packages

CVEListV5foxit_software/foxit_pdf_reader*4.3.1.0218

🔴Vulnerability Details

2
GHSA
GHSA-2w45-jcmr-q4fv: Foxit PDF Reader < 42025-08-20
CVEList
Foxit PDF Reader < 4.3.1.0218 JavaScript File Write2025-08-20
CVE-2011-10030 — External Control of File Name or Path | cvebase