CVE-2010-1239

Foxit Reader < 3.2.1.0401 - Remote Code Execution via PDF Launch Action

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-1239.

AI-analyzed exploit summary This is a technical writeup describing a PDF-based attack technique that uses a launch action to execute an embedded executable without exploiting a vulnerability. It leverages the PDF language specifications to trigger command execution, with varying behavior in Adobe Reader (user warning) and Foxit Reader (no warning).

Description

Foxit Reader before 3.2.1.0401 allows remote attackers to (1) execute arbitrary local programs via a certain "/Type /Action /S /Launch" sequence, and (2) execute arbitrary programs embedded in a PDF document via an unspecified "/Launch /Action" sequence, a related issue to CVE-2009-0836.

Exploits (1)

exploitdb WRITEUP

localwindows

https://www.exploit-db.com/exploits/11987

View Code ZIP pw:eip

This is a technical writeup describing a PDF-based attack technique that uses a launch action to execute an embedded executable without exploiting a vulnerability. It leverages the PDF language specifications to trigger command execution, with varying behavior in Adobe Reader (user warning) and Foxit Reader (no warning).

Classification

Writeup 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Adobe Reader 9.3.1, Foxit Reader

No auth needed

Prerequisites: User interaction to open the PDF · Embedded executable in the PDF

MITRE ATT&CK

T1204 - User Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (6)

Core 6

Core References

Various Sources x_refsource_misc

http://www.f-secure.com/weblog/archives/00001923.html

Patch, US Government Resource third-party-advisory x_refsource_cert-vn

http://www.kb.cert.org/vuls/id/570177

Patch, Vendor Advisory x_refsource_confirm

http://www.foxitsoftware.com/pdf/reader/security.htm#0401

Patch, Vendor Advisory x_refsource_confirm

http://www.foxitsoftware.com/announcements/2010420408.html

Exploit x_refsource_misc

http://blog.didierstevens.com/2010/03/29/escape-from-pdf/

Exploit x_refsource_misc

http://blog.didierstevens.com/2010/03/31/escape-from-foxit-reader/

Scores

EPSS 0.0753

EPSS Percentile 93.7%

Details

CWE

CWE-94

Status published

Products (7)

foxitsoftware/foxit_reader 2.3

foxitsoftware/foxit_reader 3.0

foxitsoftware/foxit_reader 3.1.0.0824

foxitsoftware/foxit_reader 3.1.1.0901

foxitsoftware/foxit_reader 3.1.1.0928

foxitsoftware/foxit_reader 3.1.3.1030

foxitsoftware/foxit_reader < 3.2.0.0303

Published Apr 05, 2010

Tracked Since Feb 18, 2026