Docudepot PDF Reader Arbitrary File Overwrite Vulnerability Allowing Code Execution or Information Exposure
Vulnerability
A vulnerability allowing arbitrary file overwriting has been identified in Docudepot PDF Reader: PDF Viewer APP version 1.0.34. This vulnerability arises from inadequate security validation during the file import process, enabling attackers to overwrite critical internal files. Exploitation of this vulnerability could lead to arbitrary code execution or unauthorized exposure of sensitive information.
Impact
Exploitation of this vulnerability allows for arbitrary file overwriting, which could result in unauthorized code execution or exposure of sensitive information stored within the application.
Reproduction
The vulnerability can be reproduced by importing files through the application's file import process. A crafted file path can be used to overwrite critical internal files, taking advantage of insufficient security validation. Once the file is imported, the overwritten file can be accessed or executed, depending on the nature of the file and the code it contains.
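The missing validation described above, shown next to a hardened import routine. This is an added example, not code from the application or the advisory; the function names, the directory layout and the sample file names are assumptions, and refusing to overwrite an existing file is an added design choice.

```python
import os
import tempfile
from pathlib import Path

class UnsafeImportName(ValueError):
    """The supplied file name would land outside the import directory."""

def naive_destination(import_dir: Path, supplied_name: str) -> Path:
    # The pattern the advisory describes: the supplied name is trusted as-is.
    return Path(os.path.normpath(import_dir / supplied_name))

def safe_destination(import_dir: Path, supplied_name: str) -> Path:
    # Reject separators, NUL and dot-only names rather than trying to clean them.
    if supplied_name in ("", ".", "..") or any(c in supplied_name for c in "/\\\x00"):
        raise UnsafeImportName(repr(supplied_name))
    root = import_dir.resolve()
    dest = (root / supplied_name).resolve()
    # Defence in depth: after resolving symlinks the target must sit directly in root.
    if dest.parent != root:
        raise UnsafeImportName(repr(supplied_name))
    return dest

def import_file(import_dir: Path, supplied_name: str, data: bytes) -> Path:
    dest = safe_destination(import_dir, supplied_name)
    # Mode "xb" fails if the target already exists, so an import never overwrites.
    with open(dest, "xb") as fh:
        fh.write(data)
    return dest

def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        imports = Path(tmp).resolve() / "imports"
        imports.mkdir()
        crafted = "../lib/internal.bin"  # constructed name aimed at a sibling lib/ dir
        naive = naive_destination(imports, crafted)
        results = {"naive_escapes": imports not in naive.parents}
        try:
            import_file(imports, crafted, b"x")
            results["hardened_rejects"] = False
        except UnsafeImportName:
            results["hardened_rejects"] = True
        first = import_file(imports, "report.pdf", b"%PDF-1.4")
        results["benign_inside"] = first.parent == imports
        try:
            import_file(imports, "report.pdf", b"other")
            results["overwrite_blocked"] = False
        except FileExistsError:
            results["overwrite_blocked"] = True
        return results
```

Calling `demo()` returns a dictionary showing that the naive join leaves the import directory while the hardened routine rejects the same name and refuses a second write to an existing file.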
