Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2024 Greenbone AGOPENVAS:1361412562310834087
HistoryJun 21, 2024 - 12:00 a.m.

Foxit Reader Multiple Vulnerabilities (June-4 2024)

2024-06-2100:00:00
Copyright (C) 2024 Greenbone AG
plugins.openvas.org
1
foxit reader
multiple vulnerabilities
remote code execution
information disclosure
cve-2023-39542
cve-2023-42089
vulnerable version
update required

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.7%

JSON

Foxit Reader is prone to multiple
vulnerabilities.

# SPDX-FileCopyrightText: 2024 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:foxitsoftware:reader";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.834087");
  script_version("2024-06-26T05:05:39+0000");
  script_cve_id("CVE-2023-42089", "CVE-2023-42090", "CVE-2023-42091", "CVE-2023-42092",
                "CVE-2023-42093", "CVE-2023-42094", "CVE-2023-42095", "CVE-2023-42096",
                "CVE-2023-42097", "CVE-2023-42098", "CVE-2023-39542");
  script_tag(name:"cvss_base", value:"10.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_tag(name:"last_modification", value:"2024-06-26 05:05:39 +0000 (Wed, 26 Jun 2024)");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2023-11-27 16:15:10 +0000 (Mon, 27 Nov 2023)");
  script_tag(name:"creation_date", value:"2024-06-21 11:16:04 +0530 (Fri, 21 Jun 2024)");
  script_name("Foxit Reader Multiple Vulnerabilities (June-4 2024)");

  script_tag(name:"summary", value:"Foxit Reader is prone to multiple
  vulnerabilities.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present
  on the target host.");

  script_tag(name:"insight", value:"These vulnerabilities exist:

  - CVE-2023-39542: A remote code execution vulnerability when handling certain JavaScripts.

  - CVE-2023-42089: An use-after-free vulnerability and crash when handling certain JavaScripts.");

  script_tag(name:"impact", value:"Successful exploitation allows an attacker
  to execute remote code and disclose information.");

  script_tag(name:"affected", value:"Foxit Reader version 12.1.3.15356 and
  prior on Windows.");

  script_tag(name:"solution", value:"Update to version 2023.2 or later.");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"registry");
  script_xref(name:"URL", value:"https://www.foxitsoftware.com/support/security-bulletins.php");
  script_copyright("Copyright (C) 2024 Greenbone AG");
  script_category(ACT_GATHER_INFO);
  script_family("General");
  script_dependencies("gb_foxit_reader_detect_portable_win.nasl");
  script_mandatory_keys("foxit/reader/ver");
  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);

vers = infos["version"];
path = infos["location"];

if(version_is_less_equal(version:vers, test_version:"12.1.3.15356")) {
  report = report_fixed_ver(installed_version:vers, fixed_version:"2023.2", install_path:path);
  security_message(port:0, data:report);
  exit(0);
}

exit(99);

Related

openvas 3
nessus 7
kaspersky 1
cnvd 1
cve 11
zdi 10
cvelist 11
nvd 11
prion 1
talos 1
talosblog 1
openvas
openvas
Foxit PhantomPDF Multiple Vulnerabilities (June-5 2024)
2024-06-21 00:00:00
Foxit Reader Multiple Vulnerabilities (June-6 2024)
2024-06-21 00:00:00
Foxit PhantomPDF Multiple Vulnerabilities (June-2 2024)
2024-06-20 00:00:00
nessus
nessus
Foxit PDF Editor < 13.0 Multiple Vulnerabilities
2023-09-11 00:00:00
Foxit PDF Editor < 2023.2 Multiple Vulnerabilities
2023-09-11 00:00:00
Foxit PDF Reader < 2023.2 Multiple Vulnerabilities
2023-09-11 00:00:00
kaspersky
kaspersky
KLA60004 Multiple vulnerabilities in Foxit PDF Reader
2023-09-12 00:00:00
cnvd
cnvd
Foxit Reader Code Execution Vulnerability (CNVD-2023-9608935)
2023-11-30 00:00:00
cve
cve
CVE-2023-42091
2024-05-03 03:15:45
CVE-2023-42089
2024-05-03 03:15:45
CVE-2023-42090
2024-05-03 03:15:45
zdi
zdi
Foxit PDF Reader templates Use-After-Free Information Disclosure Vulnerability
2023-09-12 00:00:00
Foxit PDF Reader XFA Doc Object Out-Of-Bounds Read Information Disclosure Vulnerability
2023-09-12 00:00:00
Foxit PDF Reader Annotation Use-After-Free Information Disclosure Vulnerability
2023-09-12 00:00:00
cvelist
cvelist
CVE-2023-42091 Foxit PDF Reader XFA Doc Object Use-After-Free Remote Code Execution Vulnerability
2024-05-03 02:13:05
CVE-2023-42090 Foxit PDF Reader XFA Doc Object Out-Of-Bounds Read Information Disclosure Vulnerability
2024-05-03 02:13:04
CVE-2023-42094 Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability
2024-05-03 02:13:07
nvd
nvd
CVE-2023-42091
2024-05-03 03:15:45
CVE-2023-42090
2024-05-03 03:15:45
CVE-2023-42094
2024-05-03 03:15:46
prion
prion
Remote code execution
2023-11-27 16:15:00
talos
talos
Foxit Reader Javascript saveAs arbitrary file creation vulnerability
2023-11-27 00:00:00
talosblog
talosblog
Remote code execution vulnerabilities found in Buildroot, Foxit PDF Reader
2023-12-06 18:33:06

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.7%

JSON
Related for OPENVAS:1361412562310834087
openvas3nessus7kaspersky1cnvd1cve11zdi10cvelist11nvd11prion1talos1talosblog1