Lucene search
PRIOn knowledge basePRION:CVE-2023-40194HistoryNov 27, 2023 - 4:15 p.m.
Design/Logic Flaw
2023-11-2716:15:00
PRIOn knowledge base
www.prio-n.com
9
javascript
arbitrary file creation
vulnerability
foxit reader
mistreatment of whitespace
malicious file
arbitrary locations
code execution
attacker
user trick
exploitation
browser plugin extension
An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to mistreatment of whitespace characters. A specially crafted malicious file can create files at arbitrary locations, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.
| CPE | Name | Operator | Version |
|---|---|---|---|
| foxit_reader | eq | 12.1.3.15356 |
Related
talos
talos
cve
cve
CVE-2023-40194
2023-11-27 16:15:10
cvelist
cvelist
CVE-2023-40194
2023-11-27 15:25:11
nvd
nvd
CVE-2023-40194
2023-11-27 16:15:10
cnvd
cnvd
Foxit Reader Arbitrary File Creation Vulnerability
2023-11-30 00:00:00
nessus
nessus
Foxit PDF Editor < 13.0.1 Multiple Vulnerabilities
2023-11-14 00:00:00
Foxit PDF Reader < 2023.3 Multiple Vulnerabilities
2023-11-22 00:00:00
Foxit PDF Editor < 2023.3 Multiple Vulnerabilities
2023-11-22 00:00:00
talosblog
talosblog
Remote code execution vulnerabilities found in Buildroot, Foxit PDF Reader
2023-12-06 18:33:06
kaspersky
kaspersky
KLA62106 Multiple vulnerabilities in Foxit PDF Reader
2023-11-22 00:00:00
openvas
openvas
Foxit Reader Multiple Vulnerabilities (June-6 2024)
2024-06-21 00:00:00
Foxit PhantomPDF Multiple Vulnerabilities (June-2 2024)
2024-06-20 00:00:00