Foxit MobilePDF for Android
Path Traversal
CVE ID
Vendor
Foxit Software
Product
Foxit MobilePDF for Android
Product Version
< 6.0.2
Vulnerability Details
The Foxit MobilePDF for Android suffers from a path traversal vulnerability in its WiFi Transfer feature.
An attacker can use escape characters in URI(s) that are processed by the WiFI Transfer feature in order to access files in the application’s data directory.
Vendor Response
Foxit Software has remediated the vulnerability
Disclosure Timeline
-
Disclosed the vulnerability details to [email protected]
-
Emailed [email protected] to verify the information had been received
-
Foxit Software responded that the email had been received and the developers were working on a fix
-
Foxit Software confirmed that a fix had been implemented and an update would be available in January 2018
-
Foxit Software published a new security advisory for the affected application
