Design/Logic Flaw
An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to mistreatment of whitespace characters. A specially crafted malicious file can create files at arbitrary locations, which can lead to arbitrary code execution. An attacker nee...
CVE-2023-39542
A code execution vulnerability exists in the Javascript saveAs API of Foxit Reader 12.1.3.15356. A specially crafted malformed file can create arbitrary files, which can lead to remote code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerabilit...
CVE-2023-40194
An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to mistreatment of whitespace characters. A specially crafted malicious file can create files at arbitrary locations, which can lead to arbitrary code execution. An attacker nee...
CVE-2023-40194
Foxit Reader 12.1.3.15356 contains an arbitrary file creation vulnerability in the Javascript exportDataObject API due to whitespace handling. A crafted malicious file can create files at arbitrary locations, potentially enabling arbitrary code execution. Exploitation requires user action (openin...
CVE-2023-35985
An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to a failure to properly validate a dangerous extension. A specially crafted malicious file can create files at arbitrary locations, which can lead to arbitrary code execution. ...
CVE-2023-41257
A type confusion vulnerability exists in the way Foxit Reader 12.1.2.15356 handles field value properties. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker...
CVE-2023-32616
A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15356 handles 3D annotations. A specially crafted Javascript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An...
CVE-2023-41257
CVE-2023-41257 is a type-confusion vulnerability in Foxit Reader/Foxit PDF Editor (versions around 12.1.2.15356) where field value properties can be mishandled. A specially crafted Javascript code within a malicious PDF (or a crafted site when the browser plugin is enabled) can trigger memory cor...
CVE-2023-32616
Summary: CVE-2023-32616 is a use-after-free in Foxit Reader 12.1.2.15356 affecting 3D annotations. A specially crafted Javascript in a malicious PDF can reuse a freed object, causing memory corruption and arbitrary code execution. Exploitation requires user action (opening the malicious PDF) or, ...
CVE-2023-38573
A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15356 handles a signature field. A specially crafted Javascript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An...
CVE-2023-38573
Foxit Reader (and Foxit PDF Editor) is affected by CVE-2023-38573: a use-after-free vulnerability in how the signature field is handled in Foxit Reader 12.1.2.15356. A specially crafted JavaScript in a malicious PDF can trigger reuse of a freed object, causing memory corruption and potentially ar...
PT-2023-7348 · Foxit · Foxit Pdf Reader
Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader versions 12.1.3.15356
Description: The issue is related to errors in processing hyperlinks and mistreatment of whitespace characters in the Javascript exportDataObject API. This can allow a remote attacker to execute arbitrar...
PT-2023-7350 · Foxit · Foxit Reader
Name of the Vulnerable Software and Affected Versions: Foxit Reader version 12.1.2.15356
Description: A use-after-free issue exists in the way Foxit Reader handles 3D annotations. This can be triggered by a specially crafted Javascript code inside a malicious PDF document, leading to memory...
PT-2023-7346 · Foxit · Foxit Pdf Reader
Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader versions 12.1.2.15356
Description: The issue is related to a type confusion vulnerability in the way Foxit Reader handles field value properties. This can be triggered by a specially crafted Javascript code inside a malicious...
Foxit Reader Javascript exportDataObject HTA file creation vulnerability
Talos Vulnerability Report TALOS-2023-1834
Foxit Reader Javascript exportDataObject HTA file creation vulnerability
November 27, 2023
CVE Number: CVE-2023-35985
SUMMARY: An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to a...
PT-2023-8582 · Foxit · Foxit Reader
Name of the Vulnerable Software and Affected Versions: Foxit Reader version 12.1.3.15356
Description: The issue is related to the exportDataObject API in Foxit Reader, which fails to properly validate a dangerous extension, leading to an arbitrary file creation vulnerability. This can allow an...
Foxit PDF Editor < 2023.3 Multiple Vulnerabilities
According to its version, the Foxit PDF Editor application (previously named Foxit PhantomPDF) installed on the remote Windows host is prior to 2023.3. It is, therefore, affected by multiple vulnerabilities:
- A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15356 handles 3D...
Foxit PDF Editor < 11.2.7 Multiple Vulnerabilities
According to its version, the Foxit PDF Editor application (previously named Foxit PhantomPDF) installed on the remote Windows host is prior to 11.2.7. It is, therefore, affected by multiple vulnerabilities:
- A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF...