Lucene search
PRIOn knowledge basePRION:CVE-2023-39542HistoryNov 27, 2023 - 4:15 p.m.
Remote code execution
2023-11-2716:15:00
PRIOn knowledge base
www.prio-n.com
10
remote code execution
javascript
foxit reader
vulnerability
arbitrary files
malicious file
exploitation
browser plugin
A code execution vulnerability exists in the Javascript saveAs API of Foxit Reader 12.1.3.15356. A specially crafted malformed file can create arbitrary files, which can lead to remote code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.
| CPE | Name | Operator | Version |
|---|---|---|---|
| foxit_reader | eq | 12.1.3.15356 |
Related
cnvd
cnvd
Foxit Reader Code Execution Vulnerability (CNVD-2023-9608935)
2023-11-30 00:00:00
talos
talos
Foxit Reader Javascript saveAs arbitrary file creation vulnerability
2023-11-27 00:00:00
cve
cve
CVE-2023-39542
2023-11-27 16:15:10
cvelist
cvelist
CVE-2023-39542
2023-11-27 15:25:12
nvd
nvd
CVE-2023-39542
2023-11-27 16:15:10
openvas
openvas
Foxit PhantomPDF Multiple Vulnerabilities (June-5 2024)
2024-06-21 00:00:00
Foxit Reader Multiple Vulnerabilities (June-4 2024)
2024-06-21 00:00:00
Foxit Reader Multiple Vulnerabilities (June-6 2024)
2024-06-21 00:00:00
nessus
nessus
Foxit PDF Editor < 13.0 Multiple Vulnerabilities
2023-09-11 00:00:00
Foxit PDF Editor < 2023.2 Multiple Vulnerabilities
2023-09-11 00:00:00
Foxit PDF Reader < 2023.2 Multiple Vulnerabilities
2023-09-11 00:00:00
kaspersky
kaspersky
KLA60004 Multiple vulnerabilities in Foxit PDF Reader
2023-09-12 00:00:00
talosblog
talosblog
Remote code execution vulnerabilities found in Buildroot, Foxit PDF Reader
2023-12-06 18:33:06