Lucene search
PRIOn knowledge basePRION:CVE-2023-28744HistoryJul 19, 2023 - 2:15 p.m.
Design/Logic Flaw
2023-07-1914:15:00
PRIOn knowledge base
www.prio-n.com
5
use-after-free
foxit pdf reader
memory corruption
arbitrary code execution
form fields
pdf
malicious site
browser plugin extension
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 12.1.1.15289. A specially crafted PDF document can trigger the reuse of previously freed memory by manipulating form fields of a specific type. This can lead to memory corruption and arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.
| CPE | Name | Operator | Version |
|---|---|---|---|
| pdf_reader | eq | 12.1.1.15289 |
Related
talos
talos
Foxit Reader Choice Field use-after-free vulnerability
2023-07-19 00:00:00
cvelist
cvelist
CVE-2023-28744
2023-07-19 13:16:38
cve
cve
CVE-2023-28744
2023-07-19 14:15:10
nvd
nvd
CVE-2023-28744
2023-07-19 14:15:10
nessus
nessus
Foxit PDF Editor for Mac < 12.1.1 Multiple Vulnerabilities
2023-07-25 00:00:00
Foxit PDF Reader for Mac < 12.1.1 Multiple Vulnerabilities
2023-07-25 00:00:00
Foxit PDF Editor for Mac < 11.1.5 Multiple Vulnerabilities
2023-09-19 00:00:00
openvas
openvas
Foxit PhantomPDF Multiple Vulnerabilities (June-6 2024)
2024-06-21 00:00:00
Foxit Reader Multiple Vulnerabilities (June-5 2024)
2024-06-21 00:00:00
talosblog
talosblog
kaspersky
kaspersky
KLA51719 Multiple vulnerabilities in Foxit PDF Reader
2023-07-19 00:00:00