PT-2023-3895 · Foxit · Foxit Reader+1

Aleksandar Nikolic

Published

2023-07-19

Updated

2023-09-15

CVE-2023-32664

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Foxit Reader version 12.1.2.15332 Foxit PDF Editor (affected versions not specified)

Description A type confusion vulnerability exists in the Javascript checkThisBox method. Specially crafted Javascript code inside a malicious PDF document can cause memory corruption and lead to remote code execution. The user would need to open a malicious file to trigger the issue. The vulnerability can be exploited by a remote attacker using a specially created PDF file.

Recommendations For Foxit Reader version 12.1.2.15332, consider disabling the checkThisBox method until a patch is available. For Foxit PDF Editor, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Buffer Overflow

Type Confusion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-843

Related Identifiers

BDU:2023-04187

CVE-2023-32664

Affected Products

Foxit Pdf Editor

Foxit Reader

PT-2023-3895 · Foxit · Foxit Reader+1

CVE-2023-32664

Weakness Enumeration

Related Identifiers

Affected Products

References · 9