CVE-2016-8856
Description
Foxit Reader for Mac 2.1.0.0804 and earlier and Foxit Reader for Linux 2.1.0.0805 and earlier suffered from a vulnerability where weak file permissions could be exploited by attackers to execute arbitrary code. After installation, Foxit Reader's core files were world-writable by default, allowing an attacker to overwrite them with backdoor code, which, when executed by a privileged user, would result in privilege escalation, code execution, or both.
Risk Information
Base Score
7.8
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.007
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2016-8856 are fixed in Update For Foxit Reader (7.2.8.1124) | Windows |
| Vulnerabilities CVE-2016-8856 are fixed in Update For Foxit Reader (8.1.0.1013) | Windows |
| Vulnerabilities CVE-2016-8856 are fixed in Update For Foxit Reader Enterprise (8.1.0.1013) | Windows |
| Vulnerabilities CVE-2016-8856 are fixed in Update For Foxit Reader (8.1.1.1115) | Windows |
| Vulnerabilities CVE-2016-8856 are fixed in Update For Foxit Reader Enterprise (8.1.1.1115) | Windows |
| Vulnerabilities CVE-2016-8856 are fixed in Update For Foxit Reader Enterprise (8.1.4.1208) | Windows |
| Vulnerabilities CVE-2016-8856 are fixed in Update For Foxit Reader (8.1.4.1208) | Windows |
| Vulnerabilities CVE-2016-8856 are fixed in Foxit PhantomPDF 10 (EXE) 8.1 | Windows |
| Vulnerabilities CVE-2016-8856 are fixed in Foxit PhantomPDF 10 (MSI) 8.1 | Windows |
| Vulnerabilities CVE-2016-8856 are fixed in Foxit PhantomPDF 10 (ML) (EXE) 8.1 | Windows |
| Vulnerabilities CVE-2016-8856 are fixed in Foxit PhantomPDF 10 (ML) (MSI) 8.1 | Windows |
| Vulnerabilities CVE-2016-8856,CVE-2016-6867,CVE-2016-6868 are fixed in Update For Foxit Reader (7.2.8.1124) | Windows |
| Vulnerabilities CVE-2016-8856,CVE-2016-6867,CVE-2016-6868 are fixed in Update For Foxit Reader (8.1.0.1013) | Windows |
| Vulnerabilities CVE-2016-8856,CVE-2016-6867,CVE-2016-6868 are fixed in Update For Foxit Reader Enterprise (8.1.0.1013) | Windows |
| Vulnerabilities CVE-2016-8856,CVE-2016-6867,CVE-2016-6868 are fixed in Update For Foxit Reader (8.1.1.1115) | Windows |
| Vulnerabilities CVE-2016-8856,CVE-2016-6867,CVE-2016-6868 are fixed in Update For Foxit Reader Enterprise (8.1.1.1115) | Windows |
| Vulnerabilities CVE-2016-8856,CVE-2016-6867,CVE-2016-6868 are fixed in Update For Foxit Reader Enterprise (8.1.4.1208) | Windows |
| Vulnerabilities CVE-2016-8856,CVE-2016-6867,CVE-2016-6868 are fixed in Update For Foxit Reader (8.1.4.1208) | Windows |
Patch Details
Patches provided by ManageEngine for this CVE:
| Patch ID | Patch Description |
|---|---|
| PATCH-341796 | Foxit Reader (2024.3.0.26795) |
| PATCH-347385 | Foxit PDF Reader (MSI) (2025.1.0.27937) |
| PATCH-331212 | Foxit PhantomPDF 10 (EXE) (10.1.12.37872) |
| PATCH-331215 | Foxit PhantomPDF 10 (MSI) (10.1.12.37872) |
| PATCH-331213 | Foxit PhantomPDF 10 (ML) (EXE) (10.1.12.37872) |
| PATCH-331214 | Foxit PhantomPDF 10 (ML) (MSI) (10.1.12.37872) |
| PATCH-347386 | Foxit Reader (2025.1.0.27937) |