CVE-2016-8856
Last modified
CVE-2016-8856 is a vulnerability of currently unknown severity. Foxit Reader for Mac 2.1.0.0804 and earlier and Foxit Reader for Linux 2.1.0.0805 and earlier suffered from a vulnerability where weak file permissions could be exploited by attackers to execute arbitrary code. After the installation, Foxit Reader's core files were world-writable by default, allowing an attacker to overwrite them with backdoor code, which when executed by privileged user would result in Privilege Escalation, Code Execution, or both.. EPSS estimates a 0.82% chance of exploitation in the next 30 days.
Description
Foxit Reader for Mac 2.1.0.0804 and earlier and Foxit Reader for Linux 2.1.0.0805 and earlier suffered from a vulnerability where weak file permissions could be exploited by attackers to execute arbitrary code. After the installation, Foxit Reader's core files were world-writable by default, allowing an attacker to overwrite them with backdoor code, which when executed by privileged user would result in Privilege Escalation, Code Execution, or both.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Foxitsoftware | Reader | <= 2.1.0.0804 |
| Foxitsoftware | Reader | <= 2.1.0.0805 |
References
- http://www.securityfocus.com/bid/93608Technical Description, VDB Entry
- https://www.foxitsoftware.com/support/security-bulletins.phpPatch, Vendor Advisory
- http://www.securityfocus.com/bid/93608Technical Description, VDB Entry
- https://www.foxitsoftware.com/support/security-bulletins.phpPatch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2016-8856?
How severe is CVE-2016-8856?
How do I fix CVE-2016-8856?
Are you affected by CVE-2016-8856?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST