Arbitrary File Creation Vulnerability in Foxit Reader by Foxit Software
CVE-2023-40194
8.8 HIGH
Summary
An arbitrary file creation vulnerability exists in the JavaScript exportDataObject API of Foxit Reader 12.1.3.15356, caused by improper handling of whitespace characters. A specially crafted malicious file can create files at arbitrary locations on the system, which can lead to arbitrary code execution. Exploitation requires the user to open the malicious file, or to visit a specially crafted website that leverages the browser plugin extension.
Affected Version(s)
Foxit Reader 12.1.3.15356
CVSS V3.1
Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Discovered by Kamlapati Choubey of Cisco Talos.