Lucene search

Kaspersky LabKLA60004

HistorySep 12, 2023 - 12:00 a.m.

KLA60004 Multiple vulnerabilities in Foxit PDF Reader

2023-09-1200:00:00

Kaspersky Lab

threats.kaspersky.com

foxit pdf reader

multiple vulnerabilities

update

arbitrary code

sensitive information

public exploits

security updates

ace

cve-2023-39542

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.003 Low

EPSS

Percentile

70.7%

JSON

Multiple vulnerabilities were found in Foxit PDF Reader. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information.

Below is a complete list of vulnerabilities:

Code execution vulnerability can be exploited remotely to execute arbitrary code.
Use after free vulnerability in Annotation can be exploited to obtain sensitive information.
Out of bounds read vulnerability in AcroForm can be exploited to obtain sensitive information.
Use after free vulnerability in Annotation can be exploited to execute arbitrary code.
Use after free vulnerability in templates can be exploited to obtain sensitive information.
Use after free vulnerability in PDF File Parsing can be exploited to execute arbitrary code.
Out of bounds read vulnerability in XFA Doc Object can be exploited to obtain sensitive information.
Use after free vulnerability in XFA Doc Object can be exploited to execute arbitrary code.
Use after free vulnerability in Doc Object can be exploited to execute arbitrary code.

Original advisories

Security updates available in Foxit PDF Reader 2023.2 and Foxit PDF Editor 2023.2

Exploitation

Public exploits exist for this vulnerability.

Related products

Foxit-Reader

Foxit-Reader-Enterprise

CVE list

CVE-2023-39542 critical

CVE-2023-42093 unknown

CVE-2023-42095 unknown

CVE-2023-42094 unknown

CVE-2023-42089 unknown

CVE-2023-42096 unknown

CVE-2023-42090 unknown

CVE-2023-42097 unknown

CVE-2023-42098 unknown

CVE-2023-42091 unknown

CVE-2023-42092 unknown

Solution

Update to the latest version

Download Foxit Reader

Impacts

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.