CVE-2011-10030
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-20

Last updated on: 2025-08-22

Assigner: VulnCheck

Description
Foxit PDF Reader <Β  4.3.1.0218 exposes a JavaScript API function, createDataObject(), that allows untrusted PDF content to write arbitrary files anywhere on disk. By embedding a malicious PDF that calls this API, an attacker can drop executables or scripts into privileged folders, leading to code execution the next time the system boots or the user logs in.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-20
Last Modified
2025-08-22
Generated
2026-05-06
AI Q&A
2025-08-20
EPSS Evaluated
2026-05-05
NVD
CVE-2011-10030
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
foxit pdf_reader 4.3.1.0218
foxit pdf_reader 4.2
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-73 The product allows user input to control or influence paths or file names that are used in filesystem operations.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in Foxit PDF Reader versions before 4.3.1.0218, where a JavaScript API function called createDataObject() allows untrusted PDF content to write arbitrary files anywhere on the disk. An attacker can embed a malicious PDF that uses this API to drop executables or scripts into privileged folders, potentially leading to code execution when the system boots or the user logs in.


How can this vulnerability impact me? :

The vulnerability can allow an attacker to execute arbitrary code on your system by placing malicious executables or scripts in privileged locations. This can lead to unauthorized control over your system, potentially compromising system integrity, confidentiality, and availability.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart