CVE-2016-8856

{"id": "CVE-2016-8856", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": true, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2016-10-31T10:59:09.380", "references": [{"url": "http://www.securityfocus.com/bid/93608", "tags": ["Technical Description", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id/1037101", "source": "cve@mitre.org"}, {"url": "https://www.foxitsoftware.com/support/security-bulletins.php", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/93608", "tags": ["Technical Description", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1037101", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.foxitsoftware.com/support/security-bulletins.php", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-275"}]}], "descriptions": [{"lang": "en", "value": "Foxit Reader for Mac 2.1.0.0804 and earlier and Foxit Reader for Linux 2.1.0.0805 and earlier suffered from a vulnerability where weak file permissions could be exploited by attackers to execute arbitrary code. After the installation, Foxit Reader's core files were world-writable by default, allowing an attacker to overwrite them with backdoor code, which when executed by privileged user would result in Privilege Escalation, Code Execution, or both."}, {"lang": "es", "value": "Foxit Reader para Mac 2.1.0.0804 y versiones anteriores y Foxit Reader para Linux 2.1.0.0805 y versiones anteriores sufrieron una vulnerabilidad donde permisos de archivo d\u00e9biles podr\u00edan ser explotados por atacantes para ejecutar c\u00f3digo arbitrario. Despu\u00e9s de la instalaci\u00f3n, archivos del n\u00facleo de Foxit Reader eran de escritura universal por defecto, permitiendo a un atacante sobre escribirlos con c\u00f3digo de puerta trasera, lo cual cuando se ejecuta por un usuario privilegiado resultar\u00e1 en Privilege Escalation, Code Execution o ambas."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:foxitsoftware:reader:*:*:*:*:*:mac_os_x:*:*", "vulnerable": true, "matchCriteriaId": "D2CE5F97-306A-4ECF-829C-F8D55496103D", "versionEndIncluding": "2.1.0.0804"}, {"criteria": "cpe:2.3:a:foxitsoftware:reader:*:*:*:*:*:linux_kernel:*:*", "vulnerable": true, "matchCriteriaId": "D1B85AF9-ADEC-4D60-8916-C8E978B44CB2", "versionEndIncluding": "2.1.0.0805"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}