Foxit PDF Editor DOC File Parsing Exposed Dangerous Method Remote Code Execution Vulnerability
CVE-2023-27365

7.8HIGH

Key Information:

Vendor
Foxit
Status
PDF Editor
Vendor
CVE Published:
3 May 2024

Summary

A vulnerability in Foxit PDF Editor's handling of DOC file parsing permits remote attackers to execute arbitrary code on user systems. This flaw stems from inadequate restrictions placed on macro-enabled documents, allowing malicious actors to take advantage of the vulnerability when users interact with compromised documents or visit harmful web pages. The risk is exacerbated by the requirement of user interaction for successful exploitation, which highlights the importance of cautious handling of document files from untrusted sources.

Affected Version(s)

PDF Editor 12.1.0.15250

References

https://www.zerodayinitiative.com/advisories/ZDI-23-493/
x_research-advisory
https://www.foxit.com/support/security-bulletins.html
vendor-advisory

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.