CVE-2016-8856: Reader vulnerability

CWE-275, 4 documents, 4 sources
Severity
7.8 HIGH (NVD)
EPSS
0.0%
top 99.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Oct 31
Latest update: May 17

Description

Foxit Reader for Mac 2.1.0.0804 and earlier and Foxit Reader for Linux 2.1.0.0805 and earlier suffered from a vulnerability in which weak file permissions could be exploited by attackers to execute arbitrary code. After installation, Foxit Reader's core files were world-writable by default, allowing an attacker to overwrite them with backdoor code which, when executed by a privileged user, would result in Privilege Escalation, Code Execution, or both.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages: 1 package

NVD: foxitsoftware/reader 2.1.0.0804 (+1)

Patches

Vulnerability Details

2
GHSA
GHSA-rjw9-v59v-932x: Foxit Reader for Mac 2 (2022-05-17)
CVEList
CVE-2016-8856: Foxit Reader for Mac 2 (2016-10-31)

Community

1
Bugzilla
CVE-2015-8856 serve-index: persistant cross-site scripting flaw (2015-03-18)
CVE-2016-8856 — Foxitsoftware Reader vulnerability | cvebase