Tuesday, August 17, 2021

Foxit Reader: Improper Link Resolution Before File Access ('Link Following') (CVE-2021-38570)

Description
An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows attackers to delete arbitrary files (during uninstallation) via a symlink.
Solution(s)
  • foxit-reader-upgrade-10_1_4


  • References
  • https://attackerkb.com/topics/cve-2021-38570
  • CVE - 2021-38570
  • https://www.foxitsoftware.com/support/security-bulletins.php




  •  

    Copyright © 2020 Cyber Details - Vulnerability Database™

    Thanks for everything Templateism - You should have written the code a little more complicated