CVE-2011-10030
Foxit PDF Reader < 4.3.1.0218 JavaScript File Write
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
Foxit PDF Reader < 4.3.1.0218 exposes a JavaScript API function, createDataObject(), that allows untrusted PDF content to write arbitrary files anywhere on disk. By embedding a malicious PDF that calls this API, an attacker can drop executables or scripts into privileged folders, leading to code execution the next time the system boots or the user logs in.
| CWE | CWE-73 |
| Vendor | foxit software |
| Product | foxit pdf reader |
| Published | Aug 20, 2025 |
| Last Updated | Apr 7, 2026 |
Stay Ahead of the Next One
Get instant alerts for foxit software foxit pdf reader
Be the first to know when new unknown vulnerabilities affecting foxit software foxit pdf reader are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
Affected Versions
Foxit Software / Foxit PDF Reader
* < 4.3.1.0218
References
raw.githubusercontent.com: https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/foxit_reader_filewrite.rb exploit-db.com: https://www.exploit-db.com/exploits/16978 scarybeastsecurity.blogspot.com: http://scarybeastsecurity.blogspot.com/2011/03/dangerous-file-write-bug-in-foxit-pdf.html foxit.com: https://www.foxit.com/pdf-reader/version-history.html vulncheck.com: https://www.vulncheck.com/advisories/foxit-pdf-reader-javascript-file-write scarybeastsecurity.blogspot.com: https://scarybeastsecurity.blogspot.com/2011/03/dangerous-file-write-bug-in-foxit-pdf.html
Credits
Chris Evans