PT-2023-7346 · Foxit · Foxit PDF Reader

Kamlapati Choubey · Published 2023-11-27 · Updated 2023-12-01 · CVE-2023-41257

CVSS v2.0 · 10 · High

Vector AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Foxit PDF Reader version 12.1.2.15356

Description

The issue is a type confusion vulnerability in the way Foxit Reader handles field value properties. It can be triggered by specially crafted JavaScript code inside a malicious PDF document, leading to memory corruption and potentially allowing an attacker to execute arbitrary code. An attacker can exploit this by tricking a user into opening a malicious file, or by having the user visit a specially crafted malicious site if the browser plugin extension is enabled.

Recommendations

For Foxit PDF Reader version 12.1.2.15356, consider disabling the browser plugin extension to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid opening PDF files from untrusted sources to reduce the risk of triggering the vulnerability. Restrict access to malicious sites to prevent potential exploitation through the browser. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Type Confusion

Weakness Enumeration

Related Identifiers

BDU:2023-08377
CVE-2023-41257

Affected Products

Foxit PDF Reader