High severityNVD Advisory· Published Aug 20, 2025· Updated Apr 15, 2026

CVE-2011-10030

Description

Foxit PDF Reader < 4.3.1.0218 exposes a JavaScript API function, createDataObject(), that allows untrusted PDF content to write arbitrary files anywhere on disk. By embedding a malicious PDF that calls this API, an attacker can drop executables or scripts into privileged folders, leading to code execution the next time the system boots or the user logs in.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

scarybeastsecurity.blogspot.com/2011/03/dangerous-file-write-bug-in-foxit-pdf.htmlnvd
raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/foxit_reader_filewrite.rbnvd
scarybeastsecurity.blogspot.com/2011/03/dangerous-file-write-bug-in-foxit-pdf.htmlnvd
www.exploit-db.com/exploits/16978nvd
www.foxit.com/pdf-reader/version-history.htmlnvd
www.vulncheck.com/advisories/foxit-pdf-reader-javascript-file-writenvd

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.003
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000