
c0dist

(CVE-2016-8856) Foxit Reader for Linux and Mac: Local Privilege Escalation Writeup

Hi guys,

Recently, I stumbled on a very simple bug in Foxit Reader for Mac and Linux (from here on, just Foxit Reader). The vulnerability was caused by improper file permissions granted on Foxit Reader's core files on Linux and Mac systems. An attacker with low-privilege access could've exploited this vulnerability to elevate their privileges, execute commands as a higher-privileged user, or both.

The versions affected were:

Foxit Reader for Mac 2.1.0.0804 and earlier
Foxit Reader for Linux 2.1.0.0805 and earlier

A fixed version has been released and the security bulletin is published here - https://www.foxitsoftware.com/suppor...-bulletins.php.

The issue has been assigned CVE-2016-8856.

I have written a detailed analysis on my blog here - https://c0d.ist/cve-2016-8856-foxit-...ation-writeup/.

Cheers,
c0dist
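
A defender can check an installed application for the class of problem described above (files or directories that users other than the owner may modify). The following is an added example, not code from the original post or from Foxit; the installation directory is supplied by the caller because the post does not name it, and the file names in the demo tree are constructed.

```python
import os
import stat
import sys
import tempfile


def audit_tree(root):
    """Return sorted (path, kind, who) tuples for entries under root that
    the group or any other local user is allowed to modify."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):  # does not follow symlinks
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits carry no meaning
            who = [name for bit, name in ((stat.S_IWGRP, "group"),
                                          (stat.S_IWOTH, "other"))
                   if st.st_mode & bit]
            if not who:
                continue
            if stat.S_ISDIR(st.st_mode):
                # A writable directory lets its entries be renamed or replaced
                # unless the sticky bit restricts that to the owner.
                kind = "sticky directory" if st.st_mode & stat.S_ISVTX else "directory"
            elif st.st_mode & 0o111:
                kind = "executable"
            else:
                kind = "file"
            findings.append((path, kind, "+".join(who)))
    return sorted(findings)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        target = sys.argv[1]          # installation directory to audit
        results = audit_tree(target)
    else:
        # Constructed sample tree (hypothetical file names), for an offline demo.
        with tempfile.TemporaryDirectory() as target:
            for name, mode in (("reader", 0o755), ("plugin.so", 0o777)):
                p = os.path.join(target, name)
                open(p, "w").close()
                os.chmod(p, mode)
            results = audit_tree(target)
    for path, kind, who in results:
        print(f"{kind:17} writable by {who:12} {path}")
```

Any "executable" or non-sticky "directory" finding inside a tree that a more privileged user runs from is worth tightening to owner-only write.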

Comments

  1. b0nd
    Good job buddy - you hit the bull's eye. Would love to see more from you. Cheers! b0nd
