Information disclosure in Foxit MobilePDF for Android 6.1
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | N/A |
| CWE-ID | CWE-200 |
| Exploitation vector | Local network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
MobilePDF for Android Mobile applications / Apps for mobile phones |
| Vendor | Foxit Software Inc. |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Information disclosure
EUVDB-ID: #VU9875
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to exposed interface of the Wi-Fi service and insufficient validation of URI + escape character during Wi-Fi transfer. A remote attacker can read contents of arbitrary file on the device.
Update to version 6.1.
MobilePDF for Android: 6.0 - 6.0.2
External linkshttp://www.foxitsoftware.com/support/security-bulletins.php
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to perform certain actions on the device.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
