CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 4CVE-2010-20010 – Foxit PDF Reader < 4.2.0.0928 Title Stack Buffer Overflow
https://notcve.org/view.php?id=CVE-2010-20010
20 Aug 2025 — Foxit PDF Reader before 4.2.0.0928 does not properly bound-check the /Title entry in the PDF Info dictionary. A specially crafted PDF with an overlong Title string can overflow a fixed-size stack buffer, corrupt the Structured Exception Handler (SEH) chain, and lead to arbitrary code execution in the context of the user who opens the file. • https://www.exploit-db.com/exploits/15532 • CWE-121: Stack-based Buffer Overflow •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 3CVE-2011-10030 – Foxit PDF Reader < 4.3.1.0218 JavaScript File Write
https://notcve.org/view.php?id=CVE-2011-10030
20 Aug 2025 — Foxit PDF Reader < 4.3.1.0218 exposes a JavaScript API function, createDataObject(), that allows untrusted PDF content to write arbitrary files anywhere on disk. By embedding a malicious PDF that calls this API, an attacker can drop executables or scripts into privileged folders, leading to code execution the next time the system boots or the user logs in. • https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/foxit_reader_filewrite.rb • CWE-73: External Control of File Name or Path •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12753 – Foxit PDF Reader Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-12753
30 Dec 2024 — Foxit PDF Reader Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the product installer. By creating a junction, an attacker can abuse the installer process to create an arbitrary file. • https://www.foxit.com/support/security-bulletins.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12751 – Foxit PDF Reader AcroForm Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-12751
30 Dec 2024 — Foxit PDF Reader AcroForm Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an a... • https://www.foxit.com/support/security-bulletins.html • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12752 – Foxit PDF Reader AcroForm Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-12752
30 Dec 2024 — Foxit PDF Reader AcroForm Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption conditio... • https://www.foxit.com/support/security-bulletins.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 7%CPEs: 3EXPL: 0CVE-2024-28888
https://notcve.org/view.php?id=CVE-2024-28888
02 Oct 2024 — A use-after-free vulnerability exists in the way Foxit Reade 2024.1.0.23997 handles a checkbox field object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. • https://talosintelligence.com/vulnerability_reports/TALOS-2024-1967 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-9243 – Foxit PDF Reader AcroForm Doc Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-9243
26 Sep 2024 — Foxit PDF Reader AcroForm Doc Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. • https://www.zerodayinitiative.com/advisories/ZDI-24-1296 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-9244 – Foxit PDF Reader Update Service Incorrect Permission Assignment Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-9244
26 Sep 2024 — Foxit PDF Reader Update Service Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the configuration files used by the Foxit Reader Update Service. The issue results from incorrect permissions se... • https://www.foxit.com/support/security-bulletins.html • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-9245 – Foxit PDF Reader Update Service Incorrect Permission Assignment Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-9245
26 Sep 2024 — Foxit PDF Reader Update Service Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the configuration files used by the Foxit Reader Update Service. The issue results from incorrect permissions se... • https://www.foxit.com/support/security-bulletins.html • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-9246 – Foxit PDF Reader Annotation Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-9246
26 Sep 2024 — Foxit PDF Reader Annotation Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read ... • https://www.foxit.com/support/security-bulletins.html • CWE-125: Out-of-bounds Read •