Release DateMay 18, 2011 |
Severityhigh |
ImpactSystem compromise |
DescriptionThis indicates a possible attack against a file write vulnerabilitiy in Foxit PDF Reader, the cause of the vulnerability is related to the JavaScript API which allows createDataObject() to create or overwrite arbitrary files. |
Affected ProductsFoxit PDF Reader 4.3.1.0118 and earlier. |
Recommended ActionsPlease refer to vendor's website for update or patch:http://www.foxitsoftware.com/pdf/reader/ |
Coverage IPS
VCM |
Reference/shttp://scarybeastsecurity.blogspot.com/2011/03/dangerous-file-write-bug-in-foxit-pdf.htmlhttp://secunia.com/advisories/43776/ |
