PT-2023-7349 · Foxit · Foxit Reader

Kamlapati Choubey · Published 2023-11-27 · Updated 2023-12-01 · CVE-2023-39542

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Foxit Reader version 12.1.3.15356

Description

A code execution issue exists in the JavaScript saveAs API of Foxit Reader. This is due to the improper handling of specially crafted malformed files, which can lead to the creation of arbitrary files and potentially result in remote code execution. An attacker must trick the user into opening a malicious file to exploit this issue. Additionally, exploitation is possible if a user visits a specially crafted malicious site when the browser plugin extension is enabled.

Recommendations

For Foxit Reader version 12.1.3.15356, consider disabling the JavaScript saveAs API until a patch is available to prevent potential code execution. Restrict access to malicious sites and avoid opening untrusted files to minimize the risk of exploitation.

Related Identifiers

BDU:2023-08380
CVE-2023-39542

Affected Products

Foxit Reader