Skip to main content

Foxit Releases Security Updates

Security updates address multiple vulnerabilities affecting Foxit Reader and Foxit PDF Editor that could allow attackers to perform remote code execution on vulnerable systems

Threat ID:
CC-4413
Threat Severity:
Medium
Published:
28 November 2023 2:50 PM
Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Security updates address multiple vulnerabilities affecting Foxit Reader and Foxit PDF Editor that could allow attackers to perform remote code execution on vulnerable systems

Threat details

Introduction

Foxit has released security updates to address multiple vulnerabilities in Foxit Reader and Foxit PDF Editor which could be exploited by an attacker to perform remote code execution.

The six vulnerabilities have all been assigned a CVSSv3 score of 8.8 and include two use-after-free vulnerabilities, an arbitrary file creation vulnerability, a type confusion vulnerability, and two arbitrary file creation vulnerabilities.

Remediation advice

Affected organisations are encouraged to review the following the Foxit Security Bulletins and apply the relevant updates.   

CVE Vulnerabilities

Status Published

CVE-2023-38573

A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15356 handles a signature field. A specially crafted Javascript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.
Status Published

CVE-2023-32616

A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15356 handles 3D annotations. A specially crafted Javascript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.
Status Published

CVE-2023-35985

An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to a failure to properly validate a dangerous extension. A specially crafted malicious file can create files at arbitrary locations, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted malicious site if the browser plugin extension is enabled.
Status Published

CVE-2023-41257

A type confusion vulnerability exists in the way Foxit Reader 12.1.2.15356 handles field value properties. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.
Status Published

CVE-2023-40194

An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to mistreatment of whitespace characters. A specially crafted malicious file can create files at arbitrary locations, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.
Status Published

CVE-2023-39542

A code execution vulnerability exists in the Javascript saveAs API of Foxit Reader 12.1.3.15356. A specially crafted malformed file can create arbitrary files, which can lead to remote code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.

Last edited: 1 December 2023 8:26 am