CVE-2013-10068 PUBLISHED

Foxit Reader <= 5.4.5.0114 Plugin URL Processing Buffer Overflow

Assigner: VulnCheck
Reserved: 05.08.2025 Published: 05.08.2025 Updated: 05.08.2025

Foxit Reader Plugin version 2.2.1.530, bundled with Foxit Reader 5.4.4.11281, contains a stack-based buffer overflow vulnerability in the npFoxitReaderPlugin.dll module. When a PDF file is loaded from a remote host, an overly long query string in the URL can overflow a buffer, allowing remote attackers to execute arbitrary code.

Metrics

CVSS 4.0

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
CVSS Score: 9.4

Exploitability Metrics		Vulnerable System Impact Metrics		Subsequent System Impact Metrics
Attack Vector	Network	Confidentiality	High	Confidentiality	High
Attack Complexity	Low	Integrity	High	Integrity	High
Attack Requirements	None	Availability	High	Availability	High
Privileges Required	None
User Interaction	Active

CVSS 4.0

Product Status

Vendor	Foxit
Product	Foxit Reader
Versions	Default: unaffected affected from * to 5.4.5.0114 (incl.)

Credits

rgod finder

References

Problem Types

CWE-121 Stack-based Buffer Overflow CWE

Impacts

CAPEC-100 Overflow Buffers