CVE-2009-0836

Foxit Reader 2.3-3.0 - Remote Code Execution via Crafted PDF File

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-0836. PoCs published by MC, including Metasploit module auxiliary/pdf/foxit/authbypass.

AI-analyzed exploit summary This Metasploit module exploits an authorization bypass vulnerability in Foxit Reader by crafting a malicious PDF file that executes arbitrary commands via an Open/Execute action without user confirmation.

Description

Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506, including 1120 and 1301, does not require user confirmation before performing dangerous actions defined in a PDF file, which allows remote attackers to execute arbitrary programs and have unspecified other impact via a crafted file, as demonstrated by the "Open/Execute a file" action.

Exploits (1)

metasploit WORKING POC

by MC · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/pdf/foxit/authbypass.rb

View Code ZIP pw:eip

This Metasploit module exploits an authorization bypass vulnerability in Foxit Reader by crafting a malicious PDF file that executes arbitrary commands via an Open/Execute action without user confirmation.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Foxit Reader build 1120

No auth needed

Prerequisites: Victim must open the crafted PDF file

MITRE ATT&CK