Foxit MobilePDF for Android | Security Research Advisory | VerSprite Foxit MobilePDF for Android | Security Research Advisory | VerSprite

Home  |  Research  |  Resources  |  Advisories  |  Foxit MobilePDF for Android

Foxit MobilePDF for Android

Path Traversal

CVE ID

VENDOR

Foxit Software

PRODUCT

Foxit MobilePDF for Android

Product version

< 6.0.2

Vulnerability Details

The Foxit MobilePDF for Android suffers from a path traversal vulnerability in its WiFi Transfer feature. An attacker can use escape characters in URI(s) that are processed by the WiFI Transfer feature in order to access files in the application's data directory.

Vendor response

Foxit Software has remediated the vulnerability

Disclosure timeline

2017-12-04 - Disclosed the vulnerability details to [email protected]
2017-12-06 - Emailed [email protected] to verify the information had been received
2017-12-06 - Foxit Software responded that the email had been received and the developers were working on a fix
2017-12-12 - Foxit Software confirmed that a fix had been implemented and an update would be available in January 2018
2018-1-08 - Foxit Software published a new security advisory for the affected application

Offensive Minded Security Exploit Development

We are an international squad of professionals working as one.

logos