CVE-2023-32664

Name of the Vulnerable Software and Affected Versions Foxit Reader version 12.1.2.15332 Foxit PDF Editor (affected versions not specified)

Description A type confusion vulnerability exists in the Javascript checkThisBox method. Specially crafted Javascript code inside a malicious PDF document can cause memory corruption and lead to remote code execution. The user would need to open a malicious file to trigger the issue. The vulnerability can be exploited by a remote attacker using a specially created PDF file.

Recommendations For Foxit Reader version 12.1.2.15332, consider disabling the checkThisBox method until a patch is available. For Foxit PDF Editor, at the moment, there is no information about a newer version that contains a fix for this vulnerability.