Lucene search

[email protected]NVD:CVE-2023-35985

HistoryNov 27, 2023 - 4:15 p.m.

CVE-2023-35985

2023-11-2716:15:09

CWE-610

CWE-73

[email protected]

web.nvd.nist.gov

arbitrary file creation

javascript api

foxit reader

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

51.9%

JSON

An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to a failure to properly validate a dangerous extension. A specially crafted malicious file can create files at arbitrary locations, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted malicious site if the browser plugin extension is enabled.

Affected configurations

Nvd

Node

foxitsoftwarefoxit_readerMatch12.1.3.15356

VendorProductVersionCPE
foxitsoftwarefoxit_reader12.1.3.15356cpe:2.3:a:foxitsoftware:foxit_reader:12.1.3.15356:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
foxitsoftware	foxit_reader	12.1.3.15356	cpe:2.3:a:foxitsoftware:foxit_reader:12.1.3.15356:::::::*

References

talosintelligence.com/vulnerability_reports/TALOS-2023-1834

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

51.9%

JSON

Related for NVD:CVE-2023-35985

talos1 cve1 cvelist1 cnvd1 prion1 nessus5 talosblog1 kaspersky1 openvas2