CVE-2010-20010

Foxit PDF Reader before 4.2.0.0928 does not properly bound-check the /Title entry in the PDF Info dictionary. A specially crafted PDF with an overlong Title string can overflow a fixed-size stack buffer, corrupt the Structured Exception Handler (SEH) chain, and lead to arbitrary code execution in the context of the user who opens the file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
VulnCheckCNA
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 93%
Common Weakness Enumeration
References
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/foxit_title_bof.rb
https://www.exploit-db.com/exploits/15514/
https://www.exploit-db.com/exploits/15532
https://www.exploit-db.com/exploits/16621
https://www.foxit.com/pdf-reader/version-history.html
https://www.vulncheck.com/advisories/foxit-pdf-reader-title-stack-buffer-overflow