Published: 05/04/2010 Updated: 06/04/2010

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 935

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Foxit Reader prior to 3.2.1.0401 allows remote malicious users to (1) execute arbitrary local programs via a certain "/Type /Action /S /Launch" sequence, and (2) execute arbitrary programs embedded in a PDF document via an unspecified "/Launch /Action" sequence, a related issue to CVE-2009-0836.

Vulnerable Product	Search on Vulmon	Subscribe to Product
foxitsoftware foxit reader 3.1.1.0901
foxitsoftware foxit reader 3.0
foxitsoftware foxit reader 3.1.0.0824
foxitsoftware foxit reader 2.3
foxitsoftware foxit reader
foxitsoftware foxit reader 3.1.3.1030
foxitsoftware foxit reader 3.1.1.0928

Title : Escape From PDF Author : Didier Stevens Date : 03/29/2010 Source : blogdidierstevenscom/2010/03/29/escape-from-pdf/ This is a special PDF hack: I managed to make a PoC PDF to execute an embedded executable without exploiting any vulnerability! I use a launch action triggered by the opening of my PoC PDF With Adobe Reader, the us ...

CWE-94 http://www.foxitsoftware.com/pdf/reader/security.htm#0401 http://www.foxitsoftware.com/announcements/2010420408.html http://blog.didierstevens.com/2010/03/31/escape-from-foxit-reader/http://www.kb.cert.org/vuls/id/570177 http://www.f-secure.com/weblog/archives/00001923.html http://blog.didierstevens.com/2010/03/29/escape-from-pdf/https://nvd.nist.gov https://www.exploit-db.com/exploits/11987/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2010-1239

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect