Foxit MobilePDF for Android | Security Research Advisory | VerSprite Foxit MobilePDF for Android | Security Research Advisory | VerSprite

Home  |  Research  |  Resources  |  Advisories  |  Foxit MobilePDF for Android

Foxit MobilePDF for Android

Path Traversal

CVE ID

CVE-2017-16814

VENDOR

Foxit Software

PRODUCT

Foxit MobilePDF for Android

Product version

< 6.0.2

Vulnerability Details

The Foxit MobilePDF for Android suffers from a path traversal vulnerability in its WiFi Transfer feature. An attacker can use escape characters in URI(s) that are processed by the WiFI Transfer feature in order to access files in the application's data directory.

Learn More →

Vendor response

Foxit Software has remediated the vulnerability

Disclosure timeline

2017-12-04 - Disclosed the vulnerability details to [email protected]
2017-12-06 - Emailed [email protected] to verify the information had been received
2017-12-06 - Foxit Software responded that the email had been received and the developers were working on a fix
2017-12-12 - Foxit Software confirmed that a fix had been implemented and an update would be available in January 2018
2018-1-08 - Foxit Software published a new security advisory for the affected application

Android

Exploring Android Vulnerabilities and Binder: Part II Building POC Code with Android NDK

Blog Post

Exploring Android Vulnerabilities and Binder: Part II Building POC Code with Android NDK

Exploit Development

Android Vulnerability

Exploring Android Vulnerabilities and Binder: Part I

Blog Post

Exploring Android Vulnerabilities and Binder: Part I

Exploit Development

What is Responsible Disclosure?

Blog Post

What is Responsible Disclosure?

Exploitation of Vulnerabilities

    Back to Advisory Main         Visit Resource Library    

Offensive Minded Security Exploit Development

Learn More

arrow right

We are an international squad of professionals working as one.

logos

Copyright 2021 VerSprite - All Rights Reserved