Lucene search

[email protected]NVD:CVE-2023-32664

HistoryJul 19, 2023 - 2:15 p.m.

CVE-2023-32664

2023-07-1914:15:10

CWE-843

[email protected]

web.nvd.nist.gov

javascript

memory corruption

remote code execution

pdf document

vulnerability

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.005

Percentile

76.6%

JSON

A type confusion vulnerability exists in the Javascript checkThisBox method as implemented in Foxit Reader 12.1.2.15332. Specially crafted Javascript code inside a malicious PDF document can cause memory corruption and lead to remote code execution. User would need to open a malicious file to trigger the vulnerability.

Affected configurations

Nvd

Node

foxitpdf_readerMatch12.1.2.15332

VendorProductVersionCPE
foxitpdf_reader12.1.2.15332cpe:2.3:a:foxit:pdf_reader:12.1.2.15332:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
foxit	pdf_reader	12.1.2.15332	cpe:2.3:a:foxit:pdf_reader:12.1.2.15332:::::::*

References

talosintelligence.com/vulnerability_reports/TALOS-2023-1795

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.005

Percentile

76.6%

JSON

Related for NVD:CVE-2023-32664

talos2 prion1 cvelist1 cve1 talosblog1 nessus3 openvas2 kaspersky1