Foxit PDF Editor DOC File Parsing Exposed Dangerous Method Remote Code Execution Vulnerability
CVE-2023-27365
7.8HIGH
Summary
A vulnerability in Foxit PDF Editor's handling of DOC file parsing permits remote attackers to execute arbitrary code on user systems. This flaw stems from inadequate restrictions placed on macro-enabled documents, allowing malicious actors to take advantage of the vulnerability when users interact with compromised documents or visit harmful web pages. The risk is exacerbated by the requirement of user interaction for successful exploitation, which highlights the importance of cautious handling of document files from untrusted sources.
Affected Version(s)
PDF Editor 12.1.0.15250
References
CVSS V3.1
Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved