Vulnerability identifier: #VU52940
Vulnerability risk: Low
Exploitation vector: Local
Exploit availability: No
Vendor: Foxit Software Inc.
The vulnerability allows a local user to delete arbitrary files on the system.
The vulnerability exists due to the way the application handles symbolic links. A local user can create symbolic links to critical files on the system and delete them, when the system administrator uninstalls the application.
Install updates from vendor's website.
Vulnerable software versions
Foxit PDF Reader for Windows: 9.0 - 10.1.3.37598
Foxit PDF Editor (formerly Foxit PhantomPDF): 10.0.0.35798 - 10.1.3.37598, 188.8.131.52935 - 184.108.40.206616
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?