Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Foxit PDF Reader JavaScript File Write Vulnerability Allowing Arbitrary File Creation and Overwriting

Vulnerability

A vulnerability in Foxit PDF Reader versions prior to 4.3.1.0218 allows untrusted PDF content to write arbitrary files anywhere on the disk. The write is performed through the JavaScript API function createDataObject(). An attacker can craft a malicious PDF that calls this function to drop executables or scripts into privileged folders. Files dropped into a startup location are executed the next time the system boots or the user logs in.

Impact

Exploitation of this vulnerability allows arbitrary file writes, which can be leveraged to run the dropped files; in particular, files written to startup folders run automatically without further user interaction.

Reproduction

The vulnerability can be reproduced by creating a PDF that includes a JavaScript payload using the createDataObject() function. This payload can specify any file path, including those that are privileged or hidden. Once the PDF is opened in an affected version of Foxit PDF Reader, the JavaScript is executed, and the specified files are written to the disk.
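As an added defender-side example (not code from the advisory or from Foxit), the scanner below flags PDFs that carry a JavaScript action and reference createDataObject, the API named above. It inflates FlateDecode streams and resolves hex-escaped names such as /Java#53cript, both of which hide the indicator from a naive string search. The embedded PDF fragments are constructed here for the test and are not working documents.

```python
import re
import zlib

# Constructed sample: a minimal PDF fragment whose OpenAction runs JavaScript
# calling createDataObject. The script is stored in a FlateDecode stream and
# the /JavaScript name is hex-escaped (/Java#53cript), a common evasion.
_JS = b'this.createDataObject("placeholder.txt", "placeholder");'
_DEFLATED = zlib.compress(_JS)
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >>\nendobj\n"
    b"3 0 obj\n<< /S /Java#53cript /JS 4 0 R >>\nendobj\n"
    b"4 0 obj\n<< /Length " + str(len(_DEFLATED)).encode()
    + b" /Filter /FlateDecode >>\nstream\n" + _DEFLATED + b"\nendstream\nendobj\n"
    b"%%EOF\n"
)
# Constructed control: same skeleton, no JavaScript action at all.
BENIGN_PDF = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n%%EOF\n"

_STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)
_NAME_ESC_RE = re.compile(rb"#([0-9A-Fa-f]{2})")
_SUSPECT_CALL = b"createDataObject"


def _unescape_names(data: bytes) -> bytes:
    """Resolve PDF name escapes, e.g. /Java#53cript -> /JavaScript."""
    return _NAME_ESC_RE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def _stream_bodies(pdf: bytes) -> list:
    """Return every stream body, inflated when it is valid zlib data."""
    bodies = []
    for m in _STREAM_RE.finditer(pdf):
        raw = m.group(1)
        try:
            bodies.append(zlib.decompress(raw))
        except zlib.error:
            bodies.append(raw)  # uncompressed or other filter: scan as-is
    return bodies


def scan_pdf(pdf: bytes) -> dict:
    """Flag a document that has a JavaScript action and names createDataObject."""
    text = _unescape_names(pdf)
    has_js = b"/JavaScript" in text or b"/JS" in text
    views = [text] + _stream_bodies(pdf)
    has_call = any(_SUSPECT_CALL in v for v in views)
    return {"has_javascript": has_js, "calls_createDataObject": has_call,
            "suspicious": has_js and has_call}
```

A hit is a triage signal, not proof of exploitation: legitimate forms also use JavaScript, so quarantine and inspect the script rather than blocking on the name alone.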

Remediation

Users are advised to update to Foxit PDF Reader version 4.3.1.0218 or later, where this vulnerability has been fixed.

Added: Aug 20, 2025, 4:22 PM
Updated: Aug 20, 2025, 4:22 PM

Vulnerability Rating

Custom Algorithm

spread: 8.4
impact: 5.0
exploitability: 6.1
remediation: 7.7
relevance: 0.4
threat: 8.1
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.