Vulnerability Description
Foxit Reader for Mac 2.1.0.0804 and earlier and Foxit Reader for Linux 2.1.0.0805 and earlier suffered from a vulnerability where weak file permissions could be exploited by attackers to execute arbitrary code. After the installation, Foxit Reader's core files were world-writable by default, allowing an attacker to overwrite them with backdoor code, which when executed by privileged user would result in Privilege Escalation, Code Execution, or both.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Foxitsoftware | Reader | <= 2.1.0.0804 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/93608Technical DescriptionVDB Entry
- http://www.securitytracker.com/id/1037101
- https://www.foxitsoftware.com/support/security-bulletins.phpPatchVendor Advisory
- http://www.securityfocus.com/bid/93608Technical DescriptionVDB Entry
- http://www.securitytracker.com/id/1037101
- https://www.foxitsoftware.com/support/security-bulletins.phpPatchVendor Advisory
FAQ
What is CVE-2016-8856?
CVE-2016-8856 is a vulnerability with a CVSS score of 7.8 (HIGH). Foxit Reader for Mac 2.1.0.0804 and earlier and Foxit Reader for Linux 2.1.0.0805 and earlier suffered from a vulnerability where weak file permissions could be exploited by attackers to execute arbit...
How severe is CVE-2016-8856?
CVE-2016-8856 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-8856?
Check the references section above for vendor advisories and patch information. Affected products include: Foxitsoftware Reader.