CVE Tools

CVE-2017-10951

Published: Aug 29, 2017Updated: May 13, 2026 Sources: CVE List NVDCWE-78

No Known Exploits

No Fix Available

Description

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within app.launchURL method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4724.

CVSS Vector Breakdown

Exploitability

AV:NAttack Vector

Network

AC:LAttack Complexity

Low

PR:NPrivileges Required

None

UI:RUser Interaction

Required

Scope

S:UScope

Unchanged

Impact

C:HConfidentiality

High

I:HIntegrity

High

A:HAvailability

High

Open in CVSS calculator →

Weaknesses

Affected Products

foxit reader foxitsoftware

On-premDesktop App

Consumer Software / productivity

Foxit Reader Zero Day Initiative

SaaS

Security Products / vuln-mgmt-scanner

foxitsoftwarecommercialCNConsumer Softwareaka foxit software

zero day initiativecommercialSecurity Productsaka zdi

Attack Graph

Products CVE Techniques Tactics

Click technique nodes to view MITRE ATT&CK details. Scroll to zoom, drag to pan.

Exploitability

No known exploits, KEV entries, or remediation guidance available for this vulnerability yet.

MITRE ATT&CK

1 technique

Execution

View detailed technique mapping

References

http://www.securityfocus.com/bid/100409

securityfocus.com

http://www.securitytracker.com/id/1039213

securitytracker.com

https://zerodayinitiative.com/advisories/ZDI-17-691

zerodayinitiative.com

Timeline

Published

Aug 29, 2017

Last Updated

May 13, 2026

Unlock Complete Vulnerability Intelligence

Get the full picture for CVE-2017-10951 and every CVE in our database. Create a free account — no credit card required.

Create Free Account

Plain-language analysis

Impact assessment and exploitation scenario in plain English

Attack graph visualization

Interactive attack path and kill chain mapping

Exploit details & PoC links

ExploitDB, Metasploit, GitHub PoCs with direct links

Nuclei scanner templates

Ready-to-use vulnerability scanner templates

Full remediation guide

Patch instructions, workarounds, and compliance impact

Interactive AI chat

Ask questions about this vulnerability in natural language

Related vulnerabilities

Semantically similar CVEs and attack patterns

REST API & MCP access

Integrate vulnerability data into your workflows