CVE-2016-8856

Published: Oct 31, 2016Modified: May 6, 2026

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Foxit Reader for Mac 2.1.0.0804 and earlier and Foxit Reader for Linux 2.1.0.0805 and earlier suffered from a vulnerability where weak file permissions could be exploited by attackers to execute arbitrary code. After the installation, Foxit Reader's core files were world-writable by default, allowing an attacker to overwrite them with backdoor code, which when executed by privileged user would result in Privilege Escalation, Code Execution, or both.

Affected (2)

Products: Foxitsoftware: Reader

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Foxitsoftware Reader	Up to 2.1.0.0805
Foxitsoftware Reader	Up to 2.1.0.0804

Related CWEs

References (6)

http://www.securityfocus.com/bid/93608

Source: cve@mitre.org

Technical DescriptionVDB Entry

http://www.securitytracker.com/id/1037101

Source: cve@mitre.org

https://www.foxitsoftware.com/support/security-bulletins.php

Source: cve@mitre.org

PatchVendor Advisory

http://www.securityfocus.com/bid/93608

Source: af854a3a-2127-422b-91ae-364da2661108

Technical DescriptionVDB Entry

http://www.securitytracker.com/id/1037101

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.foxitsoftware.com/support/security-bulletins.php

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.