Use-After-Free Vulnerability in Foxit Reader by Foxit Software
CVE-2023-38573
8.8 HIGH
Summary
A use-after-free vulnerability exists in Foxit Reader 12.1.2.15356 that affects the handling of signature fields. An attacker can exploit this flaw by crafting a malicious PDF containing specially formed JavaScript code. If a user opens such a PDF, the embedded JavaScript can trigger the reuse of a freed object, leading to memory corruption and arbitrary code execution. Notably, exploitation can also occur via a compromised website if the user has the Foxit Reader browser plugin enabled. Users should exercise caution and avoid opening suspicious files to mitigate the risks associated with this vulnerability.
Affected Version(s)
Foxit Reader 12.1.3.15356
References
CVSS V3.1
Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Discovered by Aleksandar Nikolic and KPC of Cisco Talos.