CVE-2016-8856 - OpenCVE

Foxit Reader for Mac 2.1.0.0804 and earlier and Foxit Reader for Linux 2.1.0.0805 and earlier suffered from a vulnerability where weak file permissions could be exploited by attackers to execute arbitrary code. After the installation, Foxit Reader's core files were world-writable by default, allowing an attacker to overwrite them with backdoor code, which when executed by privileged user would result in Privilege Escalation, Code Execution, or both.

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Foxitsoftware	Reader

Configuration 1 [-]

OR	cpe:2.3:a:foxitsoftware:reader::::::mac_os_x::*
	cpe:2.3:a:foxitsoftware:reader::::::linux_kernel::*

References

Link	Resource
http://www.securityfocus.com/bid/93608	Technical Description VDB Entry
http://www.securitytracker.com/id/1037101
https://www.foxitsoftware.com/support/security-bulletins.php	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2016-10-31T10:00:00

Updated: 2017-07-28T09:57:01

Reserved: 2016-10-19T00:00:00

Link: CVE-2016-8856

JSON object: View

NVD Information

Status : Modified

Published: 2016-10-31T10:59:09.380

Modified: 2017-07-29T01:34:20.070

Link: CVE-2016-8856

JSON object: View

Redhat Information

No data.

CWE

CWE-275

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-10-31T00:00:00", "descriptions": [{"lang": "en", "value": "Foxit Reader for Mac 2.1.0.0804 and earlier and Foxit Reader for Linux 2.1.0.0805 and earlier suffered from a vulnerability where weak file permissions could be exploited by attackers to execute arbitrary code. After the installation, Foxit Reader's core files were world-writable by default, allowing an attacker to overwrite them with backdoor code, which when executed by privileged user would result in Privilege Escalation, Code Execution, or both."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "93608", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/93608"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.foxitsoftware.com/support/security-bulletins.php"}, {"name": "1037101", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1037101"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-8856", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Foxit Reader for Mac 2.1.0.0804 and earlier and Foxit Reader for Linux 2.1.0.0805 and earlier suffered from a vulnerability where weak file permissions could be exploited by attackers to execute arbitrary code. After the installation, Foxit Reader's core files were world-writable by default, allowing an attacker to overwrite them with backdoor code, which when executed by privileged user would result in Privilege Escalation, Code Execution, or both."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "93608", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93608"}, {"name": "https://www.foxitsoftware.com/support/security-bulletins.php", "refsource": "CONFIRM", "url": "https://www.foxitsoftware.com/support/security-bulletins.php"}, {"name": "1037101", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037101"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-8856", "datePublished": "2016-10-31T10:00:00", "dateReserved": "2016-10-19T00:00:00", "dateUpdated": "2017-07-28T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:foxitsoftware:reader:*:*:*:*:*:mac_os_x:*:*", "matchCriteriaId": "D2CE5F97-306A-4ECF-829C-F8D55496103D", "versionEndIncluding": "2.1.0.0804", "vulnerable": true}, {"criteria": "cpe:2.3:a:foxitsoftware:reader:*:*:*:*:*:linux_kernel:*:*", "matchCriteriaId": "D1B85AF9-ADEC-4D60-8916-C8E978B44CB2", "versionEndIncluding": "2.1.0.0805", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Foxit Reader for Mac 2.1.0.0804 and earlier and Foxit Reader for Linux 2.1.0.0805 and earlier suffered from a vulnerability where weak file permissions could be exploited by attackers to execute arbitrary code. After the installation, Foxit Reader's core files were world-writable by default, allowing an attacker to overwrite them with backdoor code, which when executed by privileged user would result in Privilege Escalation, Code Execution, or both."}, {"lang": "es", "value": "Foxit Reader para Mac 2.1.0.0804 y versiones anteriores y Foxit Reader para Linux 2.1.0.0805 y versiones anteriores sufrieron una vulnerabilidad donde permisos de archivo d\u00e9biles podr\u00edan ser explotados por atacantes para ejecutar c\u00f3digo arbitrario. Despu\u00e9s de la instalaci\u00f3n, archivos del n\u00facleo de Foxit Reader eran de escritura universal por defecto, permitiendo a un atacante sobre escribirlos con c\u00f3digo de puerta trasera, lo cual cuando se ejecuta por un usuario privilegiado resultar\u00e1 en Privilege Escalation, Code Execution o ambas."}], "id": "CVE-2016-8856", "lastModified": "2017-07-29T01:34:20.070", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-10-31T10:59:09.380", "references": [{"source": "cve@mitre.org", "tags": ["Technical Description", "VDB Entry"], "url": "http://www.securityfocus.com/bid/93608"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1037101"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.foxitsoftware.com/support/security-bulletins.php"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-275"}], "source": "nvd@nist.gov", "type": "Primary"}]}