Home | Research | Resources | Advisories | Foxit MobilePDF for Android
Path Traversal
CVE ID
CVE-2017-16814
VENDOR
Foxit Software
PRODUCT
Foxit MobilePDF for Android
Product version
< 6.0.2
Vulnerability Details
The Foxit MobilePDF for Android suffers from a path traversal vulnerability in its WiFi Transfer feature. An attacker can use escape characters in URI(s) that are processed by the WiFI Transfer feature in order to access files in the application's data directory.
Learn More →
Vendor response
Foxit Software has remediated the vulnerability
Disclosure timeline
2017-12-04 - Disclosed the vulnerability details to [email protected] 2017-12-06 - Emailed [email protected] to verify the information had been received 2017-12-06 - Foxit Software responded that the email had been received and the developers were working on a fix 2017-12-12 - Foxit Software confirmed that a fix had been implemented and an update would be available in January 2018 2018-1-08 - Foxit Software published a new security advisory for the affected application