Description
Foxit Reader before 10.0 allows Remote Command Execution via the app.opencPDFWebPage JavaScript API. An attacker can execute local files and bypass the security dialog.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Nassim Asrir · local · windows
https://www.exploit-db.com/exploits/48982
References (3)
Core References
Vendor Advisory x_refsource_misc
https://www.foxitsoftware.com/support/security-bulletins.php
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/48982
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/159784/Foxit-Reader-9.7.1-Remote-Command-Execution.html
Scores
CVSS v3
7.8
EPSS
0.2029
EPSS Percentile
95.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
Status
published
Products (1)
foxitsoftware/foxit_reader
9.7.1 - 10.0.0
Published
Nov 02, 2020
Tracked Since
Feb 18, 2026