CVE-2009-0837

Foxit Reader <3.0 Build 1506 - Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2009-0837. PoCs published by Metasploit, SkD, Francisco Falcon, bannedit, including Metasploit module exploits/windows/fileformat/foxit_reader_launch.

AI-analyzed exploit summary This Metasploit module exploits a stack-based buffer overflow in Foxit Reader 3.0 via a maliciously crafted PDF file with an Open Execute Action. It achieves arbitrary code execution by overflowing the buffer with a payload and manipulating the return address.

Description

Stack-based buffer overflow in Foxit Reader 3.0 before Build 1506, including 1120 and 1301, allows remote attackers to execute arbitrary code via a long (1) relative path or (2) absolute path in the filename argument in an action, as demonstrated by the "Open/Execute a file" action.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubylocalwindows
https://www.exploit-db.com/exploits/18905

This Metasploit module exploits a stack-based buffer overflow in Foxit Reader 3.0 via a maliciously crafted PDF file with an Open Execute Action. It achieves arbitrary code execution by overflowing the buffer with a payload and manipulating the return address.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Foxit Reader 3.0 builds 1301 and earlier
No auth needed
Prerequisites: Victim must open the malicious PDF file
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by SkD · perllocalwindows
https://www.exploit-db.com/exploits/8201

This exploit targets a SEH buffer overflow in Foxit Reader 3.0 (Build 1301 or earlier) via a maliciously crafted PDF file. It employs heap spraying via JavaScript to achieve universal exploitation and executes a calc.exe payload.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Foxit Reader 3.0 (Build 1301 or earlier)
No auth needed
Prerequisites: Victim must open the malicious PDF file in a vulnerable version of Foxit Reader
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC GOOD
by Francisco Falcon, bannedit · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/foxit_reader_launch.rb

This Metasploit module exploits a stack-based buffer overflow in Foxit Reader 3.0 via a maliciously crafted PDF file with a Launch action. It achieves arbitrary code execution by overflowing the buffer with a payload and manipulating the return address.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Foxit Reader 3.0 (builds 1301 and earlier)
No auth needed
Prerequisites: Victim must open the malicious PDF file
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (8)

Core 8
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/501623/100/0/threaded
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34036
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/0634
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1021824
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/34035
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/49136

Scores

EPSS 0.7578
EPSS Percentile 99.5%

Details

CWE
CWE-119
Status published
Products (1)
foxit/reader3.0
Published Mar 10, 2009
Tracked Since Feb 18, 2026