CVE-2023-39542
https://notcve.org/view.php?id=CVE-2023-39542
A code execution vulnerability exists in the Javascript saveAs API of Foxit Reader 12.1.3.15356. A specially crafted malformed file can create arbitrary files, which can lead to remote code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. Existe una vulnerabilidad de ejecución de código en la API saveAs de Javascript de Foxit Reader 12.1.3.15356. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1832 • CWE-73: External Control of File Name or Path CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVE-2023-40194
https://notcve.org/view.php?id=CVE-2023-40194
An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to mistreatment of whitespace characters. A specially crafted malicious file can create files at arbitrary locations, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. Existe una vulnerabilidad de creación de archivos arbitrarios en la API Javascript exportDataObject de Foxit Reader 12.1.3.15356 debido al mal uso de los espacios en blanco. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1833 • CWE-73: External Control of File Name or Path CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVE-2023-35985
https://notcve.org/view.php?id=CVE-2023-35985
An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to a failure to properly validate a dangerous extension. A specially crafted malicious file can create files at arbitrary locations, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted malicious site if the browser plugin extension is enabled. Existe una vulnerabilidad de creación de archivos arbitrarios en la API Javascript exportDataObject de Foxit Reader 12.1.3.15356 debido a una falla al validar correctamente una extensión peligrosa. • https://github.com/SpiralBL0CK/-CVE-2023-35985 https://github.com/N00BIER/CVE-2023-35985 https://talosintelligence.com/vulnerability_reports/TALOS-2023-1834 • CWE-73: External Control of File Name or Path CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVE-2023-32616
https://notcve.org/view.php?id=CVE-2023-32616
A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15356 handles 3D annotations. A specially crafted Javascript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. Existe una vulnerabilidad de use-after-free en la forma en que Foxit Reader 12.1.2.15356 maneja las anotaciones 3D. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1837 • CWE-416: Use After Free •
CVE-2023-41257
https://notcve.org/view.php?id=CVE-2023-41257
A type confusion vulnerability exists in the way Foxit Reader 12.1.2.15356 handles field value properties. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. Existe una vulnerabilidad de confusión de tipos en la forma en que Foxit Reader 12.1.2.15356 maneja las propiedades de los valores de los campos. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1838 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •