PT-2023-7348 · Foxit · Foxit Pdf Reader

Kamlapati Choubey · Published 2023-11-27 · Updated 2023-12-01 · CVE-2023-40194

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Foxit PDF Reader version 12.1.3.15356

Description

The issue is related to errors in processing hyperlinks and mistreatment of whitespace characters in the JavaScript exportDataObject API. This can allow a remote attacker to execute arbitrary code. A specially crafted malicious file can create files at arbitrary locations, leading to code execution. Exploitation is possible if a user opens the malicious file or visits a specially crafted site with the browser plugin extension enabled.

Recommendations

For version 12.1.3.15356, consider disabling the JavaScript exportDataObject API until a patch is available. Restrict access to the browser plugin extension to minimize the risk of exploitation. Avoid opening suspicious files or visiting untrusted sites with the browser plugin extension enabled. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

BDU:2023-08379
CVE-2023-40194

Affected Products

Foxit Pdf Reader