CVE-2010-20010

HIGH

Foxit PDF Reader <4.2.0.0928 - RCE

Title source: llm

Description

Foxit PDF Reader before 4.2.0.0928 does not properly bound-check the /Title entry in the PDF Info dictionary. A specially crafted PDF with an overlong Title string can overflow a fixed-size stack buffer, corrupt the Structured Exception Handler (SEH) chain, and lead to arbitrary code execution in the context of the user who opens the file.

Exploits (4)

exploitdb WORKING POC VERIFIED

by Metasploit · rubylocalwindows

https://www.exploit-db.com/exploits/16621

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by sud0 · pythonlocalwindows

https://www.exploit-db.com/exploits/15532

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by dookie · textdoswindows

https://www.exploit-db.com/exploits/15514

View Code ZIP pw:eip

metasploit WORKING POC GREAT

by dookie, Sud0 · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/foxit_title_bof.rb

View Code ZIP pw:eip

References (6)

[Third Party Advisory] https://www.vulncheck.com/advisories/foxit-pdf-reader-title-stack-buffer-overflow

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/15532

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/16621

[Various Sources] https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/foxit_title_bof.rb

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/15514/

[Various Sources] https://www.foxit.com/pdf-reader/version-history.html

Scores

CVSS v4 8.4

EPSS 0.0702

EPSS Percentile 91.5%

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-121

Status published

Products (1)

Foxit Software/Foxit PDF Reader < 4.2.0.0928

Published Aug 20, 2025

Tracked Since Feb 18, 2026