Vulnerability Details CVE-2020-10890
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the communication API. The issue lies in the handling of the ConvertToPDF command, which allows an arbitrary file write with attacker controlled data. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9829.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.016
EPSS Ranking 81.0%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 6.8
References
Products affected by CVE-2020-10890
-
cpe:2.3:a:foxitsoftware:phantompdf:1.0.2
-
cpe:2.3:a:foxitsoftware:phantompdf:2.0
-
cpe:2.3:a:foxitsoftware:phantompdf:2.1
-
cpe:2.3:a:foxitsoftware:phantompdf:2.1.1
-
cpe:2.3:a:foxitsoftware:phantompdf:2.2
-
cpe:2.3:a:foxitsoftware:phantompdf:2.2.1
-
cpe:2.3:a:foxitsoftware:phantompdf:2.2.3
-
cpe:2.3:a:foxitsoftware:phantompdf:3.0.1
-
cpe:2.3:a:foxitsoftware:phantompdf:3.3
-
cpe:2.3:a:foxitsoftware:phantompdf:3.4
-
cpe:2.3:a:foxitsoftware:phantompdf:4.0
-
cpe:2.3:a:foxitsoftware:phantompdf:4.1
-
cpe:2.3:a:foxitsoftware:phantompdf:5.0.2
-
cpe:2.3:a:foxitsoftware:phantompdf:5.0.2.0721
-
cpe:2.3:a:foxitsoftware:phantompdf:5.0.3
-
cpe:2.3:a:foxitsoftware:phantompdf:5.0.3.0811
-
cpe:2.3:a:foxitsoftware:phantompdf:5.1
-
cpe:2.3:a:foxitsoftware:phantompdf:5.1.1.1214
-
cpe:2.3:a:foxitsoftware:phantompdf:5.1.2
-
cpe:2.3:a:foxitsoftware:phantompdf:5.1.2.0305
-
cpe:2.3:a:foxitsoftware:phantompdf:5.2
-
cpe:2.3:a:foxitsoftware:phantompdf:5.2.0.0502
-
cpe:2.3:a:foxitsoftware:phantompdf:5.2.1
-
cpe:2.3:a:foxitsoftware:phantompdf:5.2.1.0615
-
cpe:2.3:a:foxitsoftware:phantompdf:5.4
-
cpe:2.3:a:foxitsoftware:phantompdf:5.4.0.0902
-
cpe:2.3:a:foxitsoftware:phantompdf:5.4.2
-
cpe:2.3:a:foxitsoftware:phantompdf:5.4.2.0918
-
cpe:2.3:a:foxitsoftware:phantompdf:5.4.3
-
cpe:2.3:a:foxitsoftware:phantompdf:5.4.3.1106
-
cpe:2.3:a:foxitsoftware:phantompdf:6.0
-
cpe:2.3:a:foxitsoftware:phantompdf:6.0.2.0413
-
cpe:2.3:a:foxitsoftware:phantompdf:6.0.5
-
cpe:2.3:a:foxitsoftware:phantompdf:6.0.5.0618
-
cpe:2.3:a:foxitsoftware:phantompdf:6.0.7
-
cpe:2.3:a:foxitsoftware:phantompdf:6.0.7.0806
-
cpe:2.3:a:foxitsoftware:phantompdf:6.1
-
cpe:2.3:a:foxitsoftware:phantompdf:6.1.1.1025
-
cpe:2.3:a:foxitsoftware:phantompdf:6.1.2
-
cpe:2.3:a:foxitsoftware:phantompdf:6.1.2.1227
-
cpe:2.3:a:foxitsoftware:phantompdf:6.2
-
cpe:2.3:a:foxitsoftware:phantompdf:6.2.0.0429
-
cpe:2.3:a:foxitsoftware:phantompdf:6.2.1
-
cpe:2.3:a:foxitsoftware:phantompdf:6.2.1.0168
-
cpe:2.3:a:foxitsoftware:phantompdf:7.0
-
cpe:2.3:a:foxitsoftware:phantompdf:7.0.3.916
-
cpe:2.3:a:foxitsoftware:phantompdf:7.0.6
-
cpe:2.3:a:foxitsoftware:phantompdf:7.0.6.1126
-
cpe:2.3:a:foxitsoftware:phantompdf:7.1
-
cpe:2.3:a:foxitsoftware:phantompdf:7.1.0.306
-
cpe:2.3:a:foxitsoftware:phantompdf:7.1.3.320
-
cpe:2.3:a:foxitsoftware:phantompdf:7.1.5
-
cpe:2.3:a:foxitsoftware:phantompdf:7.1.5.425
-
cpe:2.3:a:foxitsoftware:phantompdf:7.2
-
cpe:2.3:a:foxitsoftware:phantompdf:7.2.0.0722
-
cpe:2.3:a:foxitsoftware:phantompdf:7.2.0.722
-
cpe:2.3:a:foxitsoftware:phantompdf:7.2.2
-
cpe:2.3:a:foxitsoftware:phantompdf:7.2.2.0929
-
cpe:2.3:a:foxitsoftware:phantompdf:7.3
-
cpe:2.3:a:foxitsoftware:phantompdf:7.3.0.0118
-
cpe:2.3:a:foxitsoftware:phantompdf:7.3.0.118
-
cpe:2.3:a:foxitsoftware:phantompdf:7.3.11
-
cpe:2.3:a:foxitsoftware:phantompdf:7.3.11.1122
-
cpe:2.3:a:foxitsoftware:phantompdf:7.3.13
-
cpe:2.3:a:foxitsoftware:phantompdf:7.3.13.421
-
cpe:2.3:a:foxitsoftware:phantompdf:7.3.15
-
cpe:2.3:a:foxitsoftware:phantompdf:7.3.15.712
-
cpe:2.3:a:foxitsoftware:phantompdf:7.3.17
-
cpe:2.3:a:foxitsoftware:phantompdf:7.3.17.906
-
cpe:2.3:a:foxitsoftware:phantompdf:7.3.4
-
cpe:2.3:a:foxitsoftware:phantompdf:7.3.4.0311
-
cpe:2.3:a:foxitsoftware:phantompdf:7.3.4.311
-
cpe:2.3:a:foxitsoftware:phantompdf:7.3.9
-
cpe:2.3:a:foxitsoftware:phantompdf:7.3.9.0816
-
cpe:2.3:a:foxitsoftware:phantompdf:8.0
-
cpe:2.3:a:foxitsoftware:phantompdf:8.0.0.624
-
cpe:2.3:a:foxitsoftware:phantompdf:8.0.2
-
cpe:2.3:a:foxitsoftware:phantompdf:8.0.2.805
-
cpe:2.3:a:foxitsoftware:phantompdf:8.0.5
-
cpe:2.3:a:foxitsoftware:phantompdf:8.1
-
cpe:2.3:a:foxitsoftware:phantompdf:8.1.0.1013
-
cpe:2.3:a:foxitsoftware:phantompdf:8.1.1
-
cpe:2.3:a:foxitsoftware:phantompdf:8.1.1.1115
-
cpe:2.3:a:foxitsoftware:phantompdf:8.2
-
cpe:2.3:a:foxitsoftware:phantompdf:8.2.0.2192
-
cpe:2.3:a:foxitsoftware:phantompdf:8.2.1
-
cpe:2.3:a:foxitsoftware:phantompdf:8.2.1.6871
-
cpe:2.3:a:foxitsoftware:phantompdf:8.3
-
cpe:2.3:a:foxitsoftware:phantompdf:8.3.0.14878
-
cpe:2.3:a:foxitsoftware:phantompdf:8.3.1
-
cpe:2.3:a:foxitsoftware:phantompdf:8.3.1.21155
-
cpe:2.3:a:foxitsoftware:phantompdf:8.3.10
-
cpe:2.3:a:foxitsoftware:phantompdf:8.3.10.42705
-
cpe:2.3:a:foxitsoftware:phantompdf:8.3.11
-
cpe:2.3:a:foxitsoftware:phantompdf:8.3.11.45106
-
cpe:2.3:a:foxitsoftware:phantompdf:8.3.12
-
cpe:2.3:a:foxitsoftware:phantompdf:8.3.12.47136
-
cpe:2.3:a:foxitsoftware:phantompdf:8.3.2
-
cpe:2.3:a:foxitsoftware:phantompdf:8.3.2.25013
-
cpe:2.3:a:foxitsoftware:phantompdf:8.3.5
-
cpe:2.3:a:foxitsoftware:phantompdf:8.3.5.30351
-
cpe:2.3:a:foxitsoftware:phantompdf:8.3.6
-
cpe:2.3:a:foxitsoftware:phantompdf:8.3.6.35572
-
cpe:2.3:a:foxitsoftware:phantompdf:8.3.7
-
cpe:2.3:a:foxitsoftware:phantompdf:8.3.7.38093
-
cpe:2.3:a:foxitsoftware:phantompdf:8.3.8.39677
-
cpe:2.3:a:foxitsoftware:phantompdf:8.3.9
-
cpe:2.3:a:foxitsoftware:phantompdf:8.3.9.41099
-
cpe:2.3:a:foxitsoftware:phantompdf:9.0
-
cpe:2.3:a:foxitsoftware:phantompdf:9.0.0.29935
-
cpe:2.3:a:foxitsoftware:phantompdf:9.0.1
-
cpe:2.3:a:foxitsoftware:phantompdf:9.0.1.1049
-
cpe:2.3:a:foxitsoftware:phantompdf:9.0.1.31049
-
cpe:2.3:a:foxitsoftware:phantompdf:9.1
-
cpe:2.3:a:foxitsoftware:phantompdf:9.1.0.5096
-
cpe:2.3:a:foxitsoftware:phantompdf:9.2
-
cpe:2.3:a:foxitsoftware:phantompdf:9.2.0.9297
-
cpe:2.3:a:foxitsoftware:phantompdf:9.3
-
cpe:2.3:a:foxitsoftware:phantompdf:9.3.0.10826
-
cpe:2.3:a:foxitsoftware:phantompdf:9.4.0.16811
-
cpe:2.3:a:foxitsoftware:phantompdf:9.4.1.16828
-
cpe:2.3:a:foxitsoftware:phantompdf:9.5
-
cpe:2.3:a:foxitsoftware:phantompdf:9.5.0.20723
-
cpe:2.3:a:foxitsoftware:phantompdf:9.6
-
cpe:2.3:a:foxitsoftware:phantompdf:9.6.0.25114
-
cpe:2.3:a:foxitsoftware:phantompdf:9.7
-
cpe:2.3:a:foxitsoftware:phantompdf:9.7.0.29435
-
cpe:2.3:a:foxitsoftware:phantompdf:9.7.0.29455
-
cpe:2.3:a:foxitsoftware:phantompdf:9.7.0.29478
-
cpe:2.3:a:foxitsoftware:phantompdf:9.7.1
-
cpe:2.3:a:foxitsoftware:phantompdf:9.7.1.29511
-
cpe:2.3:a:foxitsoftware:reader:2.1.0.0804
-
cpe:2.3:a:foxitsoftware:reader:2.1.0.0805
-
cpe:2.3:a:foxitsoftware:reader:2.2
-
cpe:2.3:a:foxitsoftware:reader:2.3
-
cpe:2.3:a:foxitsoftware:reader:2.4.4
-
cpe:2.3:a:foxitsoftware:reader:3.0
-
cpe:2.3:a:foxitsoftware:reader:3.1
-
cpe:2.3:a:foxitsoftware:reader:3.1.0.0824
-
cpe:2.3:a:foxitsoftware:reader:3.1.1.0901
-
cpe:2.3:a:foxitsoftware:reader:3.1.2.1013
-
cpe:2.3:a:foxitsoftware:reader:3.1.3.1030
-
cpe:2.3:a:foxitsoftware:reader:3.2
-
cpe:2.3:a:foxitsoftware:reader:3.2.1.0401
-
cpe:2.3:a:foxitsoftware:reader:3.3
-
cpe:2.3:a:foxitsoftware:reader:3.3.0
-
cpe:2.3:a:foxitsoftware:reader:3.3.1
-
cpe:2.3:a:foxitsoftware:reader:4.0
-
cpe:2.3:a:foxitsoftware:reader:4.1.0
-
cpe:2.3:a:foxitsoftware:reader:4.1.1
-
cpe:2.3:a:foxitsoftware:reader:4.2.0
-
cpe:2.3:a:foxitsoftware:reader:4.3.0
-
cpe:2.3:a:foxitsoftware:reader:4.3.1.0218
-
cpe:2.3:a:foxitsoftware:reader:5.0.1
-
cpe:2.3:a:foxitsoftware:reader:5.0.2.01718
-
cpe:2.3:a:foxitsoftware:reader:5.1.0
-
cpe:2.3:a:foxitsoftware:reader:5.1.3
-
cpe:2.3:a:foxitsoftware:reader:5.3.0
-
cpe:2.3:a:foxitsoftware:reader:5.3.1
-
cpe:2.3:a:foxitsoftware:reader:5.4.2
-
cpe:2.3:a:foxitsoftware:reader:5.4.3
-
cpe:2.3:a:foxitsoftware:reader:5.4.5
-
cpe:2.3:a:foxitsoftware:reader:6.0.2
-
cpe:2.3:a:foxitsoftware:reader:6.0.3
-
cpe:2.3:a:foxitsoftware:reader:6.0.5
-
cpe:2.3:a:foxitsoftware:reader:6.1
-
cpe:2.3:a:foxitsoftware:reader:6.1.1
-
cpe:2.3:a:foxitsoftware:reader:6.1.2
-
cpe:2.3:a:foxitsoftware:reader:6.1.4
-
cpe:2.3:a:foxitsoftware:reader:6.2.0
-
cpe:2.3:a:foxitsoftware:reader:6.2.1
-
cpe:2.3:a:foxitsoftware:reader:7.0.3
-
cpe:2.3:a:foxitsoftware:reader:7.0.6
-
cpe:2.3:a:foxitsoftware:reader:7.1.0
-
cpe:2.3:a:foxitsoftware:reader:7.1.5
-
cpe:2.3:a:foxitsoftware:reader:7.2.0
-
cpe:2.3:a:foxitsoftware:reader:7.2.0.722
-
cpe:2.3:a:foxitsoftware:reader:7.2.2
-
cpe:2.3:a:foxitsoftware:reader:7.2.8
-
cpe:2.3:a:foxitsoftware:reader:7.3.0
-
cpe:2.3:a:foxitsoftware:reader:7.3.0.118
-
cpe:2.3:a:foxitsoftware:reader:7.3.4
-
cpe:2.3:a:foxitsoftware:reader:8.0.0
-
cpe:2.3:a:foxitsoftware:reader:8.0.2
-
cpe:2.3:a:foxitsoftware:reader:8.0.2.805
-
cpe:2.3:a:foxitsoftware:reader:8.0.5
-
cpe:2.3:a:foxitsoftware:reader:8.1.0
-
cpe:2.3:a:foxitsoftware:reader:8.1.1
-
cpe:2.3:a:foxitsoftware:reader:8.1.4
-
cpe:2.3:a:foxitsoftware:reader:8.2.0
-
cpe:2.3:a:foxitsoftware:reader:8.2.1
-
cpe:2.3:a:foxitsoftware:reader:8.3.0
-
cpe:2.3:a:foxitsoftware:reader:8.3.1
-
cpe:2.3:a:foxitsoftware:reader:8.3.2
-
cpe:2.3:a:foxitsoftware:reader:9.0.0
-
cpe:2.3:a:foxitsoftware:reader:9.0.1
-
cpe:2.3:a:foxitsoftware:reader:9.0.1.1049
-
cpe:2.3:a:foxitsoftware:reader:9.1.0
-
cpe:2.3:a:foxitsoftware:reader:9.1.0.5096
-
cpe:2.3:a:foxitsoftware:reader:9.2
-
cpe:2.3:a:foxitsoftware:reader:9.2.0
-
cpe:2.3:a:foxitsoftware:reader:9.2.0.9297
-
cpe:2.3:a:foxitsoftware:reader:9.3
-
cpe:2.3:a:foxitsoftware:reader:9.3.0.10826
-
cpe:2.3:a:foxitsoftware:reader:9.4.0.16811
-
cpe:2.3:a:foxitsoftware:reader:9.4.1.16828
-
cpe:2.3:a:foxitsoftware:reader:9.5
-
cpe:2.3:a:foxitsoftware:reader:9.5.0.20723
-
cpe:2.3:a:foxitsoftware:reader:9.6
-
cpe:2.3:a:foxitsoftware:reader:9.6.0.25114
-
cpe:2.3:a:foxitsoftware:reader:9.7
-
cpe:2.3:a:foxitsoftware:reader:9.7.0.29435
-
cpe:2.3:a:foxitsoftware:reader:9.7.0.29455
-
cpe:2.3:a:foxitsoftware:reader:9.7.0.29478
-
cpe:2.3:a:foxitsoftware:reader:9.7.1
-
cpe:2.3:a:foxitsoftware:reader:9.7.1.29511
-
cpe:2.3:o:microsoft:windows:-