CVE-2016-8856

7.8 HIGH
Published: October 31, 2016 Modified: May 06, 2026
View on NVD

Description

Foxit Reader for Mac 2.1.0.0804 and earlier and Foxit Reader for Linux 2.1.0.0805 and earlier suffered from a vulnerability where weak file permissions could be exploited by attackers to execute arbitrary code. After the installation, Foxit Reader's core files were world-writable by default, allowing an attacker to overwrite them with backdoor code, which when executed by privileged user would result in Privilege Escalation, Code Execution, or both.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://www.securityfocus.com/bid/93608
Source: cve@mitre.org
Technical Description VDB Entry
http://www.securitytracker.com/id/1037101
Source: cve@mitre.org
https://www.foxitsoftware.com/support/security-bulletins.php
Source: cve@mitre.org
Patch Vendor Advisory
http://www.securityfocus.com/bid/93608
Source: af854a3a-2127-422b-91ae-364da2661108
Technical Description VDB Entry
http://www.securitytracker.com/id/1037101
Source: af854a3a-2127-422b-91ae-364da2661108
https://www.foxitsoftware.com/support/security-bulletins.php
Source: af854a3a-2127-422b-91ae-364da2661108
Patch Vendor Advisory

6 reference(s) from NVD

Quick Stats

CVSS v3 Score
7.8 / 10.0
EPSS (Exploit Probability)
0.8%
53th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-275

Affected Vendors

foxitsoftware

Related CVEs

CVE-2026-48777 N/A
CVE-2026-47750 7.8
CVE-2026-47747 7.8
CVE-2026-46448 5.4
CVE-2026-22313 9.1