

(CVE-2016-8856) Foxit Reader for Linux and Mac: Local Privilege Escalation Writeup

Hi guys,

Recently, I stumbled on a very simple bug in Foxit Reader for Mac and Linux (from here on, just Foxit Reader). The vulnerability was caused by improper file permissions granted on Foxit Reader's core files on Linux and Mac systems. An attacker with low-privilege access could have exploited this vulnerability to elevate their privileges, execute commands as a higher-privileged user, or both.

The versions affected were:

Foxit Reader for Mac and earlier
Foxit Reader for Linux and earlier
A fixed version has been released and the security bulletin is published here -

The issue has been assigned CVE-2016-8856.

I have written a detailed analysis on my blog here -
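
The permission check this bug class calls for, as an added example that is not part of the original post: it walks an install directory and lists every entry that group or other users can modify. The post does not say which files or mode bits were affected, so the group/other-writable criterion, the function names and the sample tree are assumptions.

```python
import os
import stat
import sys
import tempfile

def audit_tree(root):
    """Return sorted (relative_path, octal_mode, kind, writers) for entries under
    root that users other than the owner can modify."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not enforced
            mode = stat.S_IMODE(st.st_mode)
            writers = [who for bit, who in ((stat.S_IWGRP, "group"),
                                            (stat.S_IWOTH, "other")) if mode & bit]
            if not writers:
                continue
            if stat.S_ISDIR(st.st_mode):
                kind = "dir"          # entries can be added or replaced
            elif mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
                kind = "executable"   # runs as whoever launches it next
            else:
                kind = "file"
            findings.append((os.path.relpath(path, root), oct(mode), kind,
                             "+".join(writers)))
    return sorted(findings)

def build_sample_tree():
    """Constructed sample install tree (hypothetical names, not Foxit's layout)."""
    root = tempfile.mkdtemp(prefix="install-audit-")
    os.mkdir(os.path.join(root, "lib"))
    layout = {"reader": 0o755, "run.sh": 0o775,
              os.path.join("lib", "plugin.so"): 0o666, "lib": 0o777}
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        if not os.path.isdir(path):
            open(path, "w").close()
        os.chmod(path, mode)  # chmod is not affected by the umask
    return root

if __name__ == "__main__":
    # Pass the real install directory as argv[1]; otherwise audit the sample.
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_tree()
    for rel, mode, kind, writers in audit_tree(target):
        print(f"{mode:>6}  {kind:<10}  writable by {writers:<11}  {rel}")
```

Any finding inside a directory that other accounts run programs from deserves a fix to owner-only write access, since the next user to launch the application executes whatever was last written there.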



  1. b0nd
    Good job buddy - you hit the bull's eye. Would love to see more from you. Cheers! b0nd

