CVE-2010-1239

2022-10-0316:20:59

CWE-94

[email protected]

web.nvd.nist.gov

foxit reader

cve-2010-1239

remote attackers

arbitrary execution

pdf vulnerability

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.1 High

AI Score

Confidence

Low

0.067 Low

EPSS

Percentile

93.9%

JSON

Foxit Reader before 3.2.1.0401 allows remote attackers to (1) execute arbitrary local programs via a certain “/Type /Action /S /Launch” sequence, and (2) execute arbitrary programs embedded in a PDF document via an unspecified “/Launch /Action” sequence, a related issue to CVE-2009-0836.

Affected configurations

NVD

Node

foxitsoftwarefoxit_readerRange≤3.2.0.0303

foxitsoftwarefoxit_readerMatch2.3

foxitsoftwarefoxit_readerMatch3.0

foxitsoftwarefoxit_readerMatch3.1.0.0824

foxitsoftwarefoxit_readerMatch3.1.1.0901

foxitsoftwarefoxit_readerMatch3.1.1.0928

foxitsoftwarefoxit_readerMatch3.1.3.1030

CPENameOperatorVersion
foxitsoftware:foxit_readerfoxitsoftware foxit readerle3.2.0.0303
foxitsoftware:foxit_readerfoxitsoftware foxit readereq2.3
foxitsoftware:foxit_readerfoxitsoftware foxit readereq3.0
foxitsoftware:foxit_readerfoxitsoftware foxit readereq3.1.0.0824
foxitsoftware:foxit_readerfoxitsoftware foxit readereq3.1.1.0901
foxitsoftware:foxit_readerfoxitsoftware foxit readereq3.1.1.0928
foxitsoftware:foxit_readerfoxitsoftware foxit readereq3.1.3.1030

CPE	Name	Operator	Version
foxitsoftware:foxit_reader	foxitsoftware foxit reader	le	3.2.0.0303
foxitsoftware:foxit_reader	foxitsoftware foxit reader	eq	2.3
foxitsoftware:foxit_reader	foxitsoftware foxit reader	eq	3.0
foxitsoftware:foxit_reader	foxitsoftware foxit reader	eq	3.1.0.0824
foxitsoftware:foxit_reader	foxitsoftware foxit reader	eq	3.1.1.0901
foxitsoftware:foxit_reader	foxitsoftware foxit reader	eq	3.1.1.0928
foxitsoftware:foxit_reader	foxitsoftware foxit reader	eq	3.1.3.1030