PT-2016-7597 · Foxit · Foxit Reader

Published: 2016-10-31 · Updated: 2017-07-29 · CVE-2016-8856

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Foxit Reader for Mac versions 2.1.0.0804 and earlier
Foxit Reader for Linux versions 2.1.0.0805 and earlier

Description

The issue is related to weak file permissions that could be exploited by attackers to execute arbitrary code. After installation, Foxit Reader's core files are world-writable by default, allowing an attacker to overwrite them with backdoor code. This could result in Privilege Escalation or Code Execution when executed by a privileged user.

Recommendations

For Foxit Reader for Mac versions 2.1.0.0804 and earlier, update to a version later than 2.1.0.0804 to resolve the issue. For Foxit Reader for Linux versions 2.1.0.0805 and earlier, update to a version later than 2.1.0.0805 to resolve the issue. As a temporary workaround, consider changing the file permissions of Foxit Reader's core files to prevent them from being world-writable.
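
The temporary workaround above, as an added example (not part of the original advisory and not Foxit's own tooling): a POSIX shell audit that lists world-writable files and directories under an install directory and, with `--fix`, clears only the other-write bit. The install path is an assumption supplied by the caller, since the advisory does not name it, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit an application install tree for world-writable entries.
# Assumption: the caller passes the install directory; the advisory gives no path.

# Print every regular file or directory under $1 with the other-write bit set.
# Symlinks are not matched: their own mode bits do not control write access.
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Count flagged entries. One dot is emitted per entry so that file names
# containing newlines cannot inflate the count.
count_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -exec printf '.' ';' \
        | wc -c | tr -d ' '
}

# Clear only the other-write bit; owner, group and execute bits are untouched.
fix_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -exec chmod o-w {} +
}

# Report flagged entries with mode and owner. With "--fix" as $2, repair them.
# Returns 0 if clean (or repaired), 1 if findings remain, 2 on a bad argument.
audit_install_dir() {
    dir=$1
    mode=${2:-}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    n=$(count_world_writable "$dir")
    if [ "$n" -eq 0 ]; then
        echo "OK: no world-writable entries under $dir"
        return 0
    fi
    echo "FOUND: $n world-writable entries under $dir"
    find "$dir" \( -type f -o -type d \) -perm -0002 -exec ls -ld {} +
    if [ "$mode" = "--fix" ]; then
        fix_world_writable "$dir"
        echo "after fix: $(count_world_writable "$dir") remaining"
        return 0
    fi
    return 1
}

# Run the audit only when a directory argument is given on the command line.
if [ "$#" -ge 1 ]; then audit_install_dir "$@"; fi
```

Clearing the bit does not show whether a file was already modified while it was writable, so compare flagged files against a known-good copy of the package before trusting them.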

Fix


Weakness Enumeration

Related Identifiers

CVE-2016-8856

Affected Products

Foxit Reader