Main Vulnerability Database Vulnerabilities #VU52940

#VU52940 Link following in Foxit PDF Reader for Windows and Foxit PDF Editor (formerly Foxit PhantomPDF)

Published: May 6, 2021

Vulnerability identifier: #VU52940

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: N/A

CWE-ID: CWE-59

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Foxit PDF Reader for Windows
Foxit PDF Editor (formerly Foxit PhantomPDF)

Software vendor:
Foxit Software Inc.

Description

The vulnerability allows a local user to delete arbitrary files on the system.

The vulnerability exists due to the way the application handles symbolic links. A local user can create symbolic links to critical files on the system and delete them, when the system administrator uninstalls the application.

Remediation

Install updates from vendor's website.

External links

https://www.foxitsoftware.com/support/security-bulletins.html?Security+updates+available+in+Foxit+Reader+10.1.4+and+Foxit+PhantomPDF+10.1.42021-05-06+00%3A00%3A00