CVE-2023-40194

CWE-73CWE-6103 documents3 sources
Severity
8.8HIGH
EPSS
0.0%
top 94.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Foxit Foxit ReaderFoxitsoftware Foxit Reader
Timeline
PublishedNov 27

Description

An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to mistreatment of whitespace characters. A specially crafted malicious file can create files at arbitrary locations, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is e

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5foxit/foxit_reader12.1.3.15356
NVDfoxitsoftware/foxit_reader12.1.3.15356

🔴Vulnerability Details

2
CVEList
CVE-2023-40194: An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 122023-11-27
GHSA
GHSA-973j-jf94-fmwp: An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 122023-11-27