CVE-2011-10030

N/A Unknown

Published: August 20, 2025 Modified: April 15, 2026

Description

Foxit PDF Reader < 4.3.1.0218 exposes a JavaScript API function, createDataObject(), that allows untrusted PDF content to write arbitrary files anywhere on disk. By embedding a malicious PDF that calls this API, an attacker can drop executables or scripts into privileged folders, leading to code execution the next time the system boots or the user logs in.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://scarybeastsecurity.blogspot.com/2011/03/dangerous-file-write-bug-in-foxit-pdf.html

Source: disclosure@vulncheck.com

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/foxit_reader_filewrite.rb

Source: disclosure@vulncheck.com

https://www.exploit-db.com/exploits/16978

Source: disclosure@vulncheck.com

https://www.foxit.com/pdf-reader/version-history.html

Source: disclosure@vulncheck.com

https://www.vulncheck.com/advisories/foxit-pdf-reader-javascript-file-write

Source: disclosure@vulncheck.com

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/foxit_reader_filewrite.rb

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

https://scarybeastsecurity.blogspot.com/2011/03/dangerous-file-write-bug-in-foxit-pdf.html

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

https://www.exploit-db.com/exploits/16978

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

8 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

3.0%

87th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-73

Related CVEs

CVE-2026-7724 5.0

CVE-2026-7723 7.3

CVE-2026-7722 5.3

CVE-2026-7721 6.3

CVE-2026-7720 6.3