CVE-2010-20010

HIGH

Foxit PDF Reader < 4.2.0.0928 - Stack-based Buffer Overflow via PDF Info Title Entry

Title source: llm

Exploitation Summary

EIP tracks 4 public exploits for CVE-2010-20010. PoCs published by Metasploit, sud0, dookie, including Metasploit module exploits/windows/fileformat/foxit_title_bof.

AI-analyzed exploit summary: This Metasploit module exploits a stack buffer overflow in Foxit PDF Reader v4.1.1 by crafting a malformed PDF with an overly long Title field, leading to SEH overwrite and arbitrary code execution via an egghunter and encoded payload.

Description

Foxit PDF Reader before 4.2.0.0928 does not properly bounds-check the /Title entry in the PDF Info dictionary. A specially crafted PDF with an overlong Title string can overflow a fixed-size stack buffer, corrupt the Structured Exception Handler (SEH) chain, and lead to arbitrary code execution in the context of the user who opens the file.

Exploits (4)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · local · windows
https://www.exploit-db.com/exploits/16621

This Metasploit module exploits a stack buffer overflow in Foxit PDF Reader v4.1.1 by crafting a malformed PDF with an overly long Title field, leading to SEH overwrite and arbitrary code execution via an egghunter and encoded payload.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Foxit PDF Reader v4.1.1
No auth needed
Prerequisites: Victim must open the malicious PDF file
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by sud0 · python · local · windows
https://www.exploit-db.com/exploits/15532

This exploit targets a buffer overflow vulnerability in Foxit Reader 4.1.1, leveraging a crafted PDF header to overwrite EIP/SEH for arbitrary code execution. The PoC includes a large header designed to trigger the vulnerability and is based on prior research from Corelan Security Team.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Foxit Reader 4.1.1
No auth needed
Prerequisites: Victim must open the malicious PDF file
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by dookie · text · dos · windows
https://www.exploit-db.com/exploits/15514

This exploit targets a stack overflow vulnerability in Foxit Reader 4.1.1, where an overly long Unicode title causes an SEH overwrite. The PoC requires the exception to be passed twice to reach the overwritten handler, demonstrating a classic stack-based buffer overflow leading to potential arbitrary code execution.

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Foxit Reader 4.1.1
No auth needed
Prerequisites: Victim must open the malicious PDF file
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC GREAT
by dookie, Sud0 · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/foxit_title_bof.rb

This Metasploit module exploits a stack buffer overflow in Foxit PDF Reader v4.1.1 by crafting a malformed PDF with an overly long Title field, overwriting SEH records to achieve remote code execution. It uses an egghunter and alphanumeric encoding to bypass bad character restrictions.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Foxit PDF Reader v4.1.1
No auth needed
Prerequisites: Victim must open the malicious PDF file
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v4 8.4
EPSS 0.0032
EPSS Percentile 23.4%
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial

Details

CWE: CWE-121
Status: published
Products (1): Foxit Software/Foxit PDF Reader < 4.2.0.0928
Published: Aug 20, 2025
Tracked Since: Feb 18, 2026