CVEs-PoC/2011/CVE-2011-10030.md at main

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-02-13 03:02:49 +00:00

Files

0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09

2025-09-29 21:09:30 +02:00

1.1 KiB

Raw Permalink Blame History

CVE-2011-10030

Description

Foxit PDF Reader < 4.3.1.0218 exposes a JavaScript API function, createDataObject(), that allows untrusted PDF content to write arbitrary files anywhere on disk. By embedding a malicious PDF that calls this API, an attacker can drop executables or scripts into privileged folders, leading to code execution the next time the system boots or the user logs in.

POC

Reference

http://scarybeastsecurity.blogspot.com/2011/03/dangerous-file-write-bug-in-foxit-pdf.html
https://scarybeastsecurity.blogspot.com/2011/03/dangerous-file-write-bug-in-foxit-pdf.html
https://www.exploit-db.com/exploits/16978
https://www.vulncheck.com/advisories/foxit-pdf-reader-javascript-file-write

Github

No PoCs found on GitHub currently.

1.1 KiB Raw Permalink Blame History

CVE-2011-10030

Description

POC

Reference

Github

1.1 KiB

Raw Permalink Blame History