Kaspersky LabKLA62106KLA62106 Multiple vulnerabilities in Foxit PDF Reader
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
10 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
51.9%
Multiple vulnerabilities were found in Foxit Reader. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, cause denial of service.
Below is a complete list of vulnerabilities:
- Out of bounds read vulnerability can be exploited remotely to execute arbitrary code and obtain sensitive information.
- Use after free vulnerability can be exploited remotely to execute arbitrary code.
- Code execution vulnerability in Doc object can be exploited remotely to execute arbitrary code.
- Type confusion vulnerability can be exploited to cause denial of service and execute arbitrary code.
- Use after free vulnerability in AcroForm Doc can be exploited remotely to execute arbitrary code.
- Type confusion vulnerability in Annotation can be exploited to cause denial of service.
- Out of bounds read vulnerability in Doc can be exploited remotely to obtain sensitive information.
- Out of bounds read vulnerability in File Parser can be exploited remotely to obtain sensitive information.
- Use after free vulnerability in AcroForm Signature can be exploited remotely to execute arbitrary code.
- Out of bounds read vulnerability in combobox can be exploited remotely to obtain sensitive information.
- Use after free vulnerability in Signature can be exploited remotely to execute arbitrary code.
- Out of bounds read vulnerability in AcroForm Doc can be exploited remotely to obtain sensitive information.
- Out of bounds read vulnerability in Bookmark can be exploited remotely to obtain sensitive information.
- Out of bounds read vulnerability in AcroForm out-of-bounds can be exploited remotely to obtain sensitive information.
- Use after free vulnerability in AcroForm Doc Object can be exploited remotely to execute arbitrary code.
Original advisories
Security updates available in Foxit PDF Reader 2023.3 and Foxit PDF Editor 2023.3
Exploitation
Public exploits exist for this vulnerability.
Related products
CVE list
CVE-2023-41257 critical
CVE-2023-32616 critical
CVE-2023-35985 critical
CVE-2023-40194 critical
CVE-2023-38573 critical
CVE-2023-51556 unknown
CVE-2023-51560 unknown
CVE-2023-51555 unknown
CVE-2023-51561 unknown
CVE-2023-51552 unknown
CVE-2023-51550 unknown
CVE-2023-51554 unknown
CVE-2023-51557 unknown
CVE-2023-51558 unknown
CVE-2023-51553 unknown
CVE-2023-51562 unknown
CVE-2023-51551 unknown
CVE-2023-51549 unknown
CVE-2023-51559 unknown
Solution
Update to the latest version
Impacts
- ACE
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
- OSI
Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.
- DoS
Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.
Affected Products
- Foxit PDF Reader earlier than 2023.3.0.23028
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
10 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
51.9%