CVE-2023-39542

HIGH

Foxitsoftware Foxit Reader - Remote Code Execution

Title source: rule

Description

A code execution vulnerability exists in the Javascript saveAs API of Foxit Reader 12.1.3.15356. A specially crafted malformed file can create arbitrary files, which can lead to remote code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.

References (2)

[Exploit, Third Party Advisory] https://talosintelligence.com/vulnerability_reports/TALOS-2023-1832

[Third Party Advisory] https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1832

Scores

CVSS v3 8.8

EPSS 0.0021

EPSS Percentile 43.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-610 CWE-73

Status published

Products (1)

foxitsoftware/foxit_reader 12.1.3.15356

Published Nov 27, 2023

Tracked Since Feb 18, 2026