HomeAdvisoriesFoxit MobilePDF for Android

Foxit MobilePDF for Android

Path Traversal

Previous AdvisoryNext Advisory

CVE ID

CVE-2017-16814

Vendor

Foxit Software

Product

Foxit MobilePDF for Android

Product Version

< 6.0.2

Vulnerability Details

The Foxit MobilePDF for Android suffers from a path traversal vulnerability in its WiFi Transfer feature.
An attacker can use escape characters in URI(s) that are processed by the WiFI Transfer feature in order to access files in the application’s data directory.

Learn more

Vendor Response

Foxit Software has remediated the vulnerability

Disclosure Timeline

04.12.2017
Disclosed the vulnerability details to [email protected]
06.12.2017
Emailed security-[email protected] to verify the information had been received
06.12.2017
Foxit Software responded that the email had been received and the developers were working on a fix
12.12.2017
Foxit Software confirmed that a fix had been implemented and an update would be available in January 2018
08.01.2018
Foxit Software published a new security advisory for the affected application

Previous AdvisoryNext Advisory

A Look at RACI Models within Application Threat Modeling

Offensive Security

DevSecOps

GRC Services

Threat Intelligence

VS-Labs Security Research

Envisions Geopolitical Threat Report:

By Industry

Chrome Exploitation: How to easily launch a Chrome RCE+SBX exploit chain with one command

Security Resources

5 Steps to Implement an Application Threat Modeling Program

Who We Are

Foxit MobilePDF for Android

CVE ID

Vendor

Product

Product Version

Vulnerability Details

Vendor Response

Disclosure Timeline