CVE-2011-10030

Foxit PDF Reader < 4.3.1.0218 exposes a JavaScript API function, createDataObject(), that allows untrusted PDF content to write arbitrary files anywhere on disk. By embedding a malicious PDF that calls this API, an attacker can drop executables or scripts into privileged folders, leading to code execution the next time the system boots or the user logs in.

CVSS

No CVSS.

References

Link	Resource
http://scarybeastsecurity.blogspot.com/2011/03/dangerous-file-write-bug-in-foxit-pdf.html
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/foxit_reader_filewrite.rb
https://www.exploit-db.com/exploits/16978
https://www.foxit.com/pdf-reader/version-history.html
https://www.vulncheck.com/advisories/foxit-pdf-reader-javascript-file-write

Configurations

No configuration.

History

20 Aug 2025, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-20 16:15

Updated : 2025-08-20 16:15

NVD link : CVE-2011-10030

Mitre link : CVE-2011-10030

CVE.ORG link : CVE-2011-10030

JSON object : View

Products Affected

No product.

CWE

CWE-73

External Control of File Name or Path

{"id": "CVE-2011-10030", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.4, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-08-20T16:15:36.150", "references": [{"url": "http://scarybeastsecurity.blogspot.com/2011/03/dangerous-file-write-bug-in-foxit-pdf.html", "source": "disclosure@vulncheck.com"}, {"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/foxit_reader_filewrite.rb", "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/16978", "source": "disclosure@vulncheck.com"}, {"url": "https://www.foxit.com/pdf-reader/version-history.html", "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/foxit-pdf-reader-javascript-file-write", "source": "disclosure@vulncheck.com"}], "vulnStatus": "Received", "weaknesses": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-73"}]}], "descriptions": [{"lang": "en", "value": "Foxit PDF Reader <\u00a0 4.3.1.0218 exposes a JavaScript API function, createDataObject(), that allows untrusted PDF content to write arbitrary files anywhere on disk. By embedding a malicious PDF that calls this API, an attacker can drop executables or scripts into privileged folders, leading to code execution the next time the system boots or the user logs in."}], "lastModified": "2025-08-20T16:15:36.150", "sourceIdentifier": "disclosure@vulncheck.com"}