High severityNVD Advisory· Published Aug 20, 2025· Updated Apr 15, 2026
CVE-2011-10030
CVE-2011-10030
Description
Foxit PDF Reader < 4.3.1.0218 exposes a JavaScript API function, createDataObject(), that allows untrusted PDF content to write arbitrary files anywhere on disk. By embedding a malicious PDF that calls this API, an attacker can drop executables or scripts into privileged folders, leading to code execution the next time the system boots or the user logs in.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: <4.3.1.0218
Patches
Vulnerability mechanics
References
6- scarybeastsecurity.blogspot.com/2011/03/dangerous-file-write-bug-in-foxit-pdf.htmlnvd
- raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/foxit_reader_filewrite.rbnvd
- scarybeastsecurity.blogspot.com/2011/03/dangerous-file-write-bug-in-foxit-pdf.htmlnvd
- www.exploit-db.com/exploits/16978nvd
- www.foxit.com/pdf-reader/version-history.htmlnvd
- www.vulncheck.com/advisories/foxit-pdf-reader-javascript-file-writenvd
News mentions
0No linked articles in our index yet.