Vulnerability Description
Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506, including 1120 and 1301, does not require user confirmation before performing dangerous actions defined in a PDF file, which allows remote attackers to execute arbitrary programs and have unspecified other impact via a crafted file, as demonstrated by the "Open/Execute a file" action.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Foxitsoftware | Reader | 2.3 |
Related Weaknesses (CWE)
References
- http://blog.zoller.lu/2009/03/remote-code-execution-in-pdf-still.html
- http://lists.immunitysec.com/pipermail/dailydave/2010-April/006079.html
- http://secunia.com/advisories/34036Vendor Advisory
- http://www.coresecurity.com/content/foxit-reader-vulnerabilitiesVendor Advisory
- http://www.foxitsoftware.com/pdf/reader/security.htm#bypassPatchVendor Advisory
- http://www.securityfocus.com/archive/1/501623/100/0/threaded
- http://www.securityfocus.com/bid/34035Vendor Advisory
- http://www.securitytracker.com/id?1021824
- http://www.vupen.com/english/advisories/2009/0634Vendor Advisory
- http://blog.zoller.lu/2009/03/remote-code-execution-in-pdf-still.html
- http://lists.immunitysec.com/pipermail/dailydave/2010-April/006079.html
- http://secunia.com/advisories/34036Vendor Advisory
- http://www.coresecurity.com/content/foxit-reader-vulnerabilitiesVendor Advisory
- http://www.foxitsoftware.com/pdf/reader/security.htm#bypassPatchVendor Advisory
- http://www.securityfocus.com/archive/1/501623/100/0/threaded
FAQ
What is CVE-2009-0836?
CVE-2009-0836 is a vulnerability with a CVSS score of 10.0 (HIGH). Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506, including 1120 and 1301, does not require user confirmation before performing dangerous actions defined in a PDF file, which allows remote...
How severe is CVE-2009-0836?
CVE-2009-0836 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-0836?
Check the references section above for vendor advisories and patch information. Affected products include: Foxitsoftware Reader.