CVE-2017-10952

HIGH

Foxit Reader 8.2.0.2051 - RCE

Title source: llm

Description

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.2.0.2051. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the saveAs JavaScript function. The issue results from the lack of proper validation of user-supplied data, which can lead to writing arbitrary files into attacker controlled locations. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4518.

Exploits (1)

nomisec WRITEUP 1 stars
by afbase · poc
https://github.com/afbase/CVE-2017-10952

References (4)

Scores

CVSS v3 8.8
EPSS 0.0726
EPSS Percentile 91.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE
CWE-20 CWE-693
Status draft

Affected Products (1)

foxitsoftware/foxit_reader

Timeline

Published Aug 29, 2017
Tracked Since Feb 18, 2026