Foxit MobilePDF for Android

Path Traversal


Foxit Software


Foxit MobilePDF for Android

Product Version

< 6.0.2

Vulnerability Details

The Foxit MobilePDF for Android suffers from a path traversal vulnerability in its WiFi Transfer feature.
An attacker can use escape characters in URI(s) that are processed by the WiFI Transfer feature in order to access files in the application’s data directory.

Vendor Response

Foxit Software has remediated the vulnerability

Disclosure Timeline

  • Disclosed the vulnerability details to [email protected]

  • Emailed [email protected] to verify the information had been received

  • Foxit Software responded that the email had been received and the developers were working on a fix

  • Foxit Software confirmed that a fix had been implemented and an update would be available in January 2018

  • Foxit Software published a new security advisory for the affected application