CVE-2023-39542
HIGHFoxit Reader 12.1.3.15356 - Remote Code Execution via JavaScript saveAs API
Title source: llmDescription
A code execution vulnerability exists in the Javascript saveAs API of Foxit Reader 12.1.3.15356. A specially crafted malformed file can create arbitrary files, which can lead to remote code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.
References (2)
Core 2
Core References
Exploit, Third Party Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1832
Third Party Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1832
Scores
CVSS v3
8.8
EPSS
0.0335
EPSS Percentile
87.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-610
CWE-73
Status
published
Products (1)
foxitsoftware/foxit_reader
12.1.3.15356
Published
Nov 27, 2023
Tracked Since
Feb 18, 2026