Searching
..

Click anywhere to stop

KLA62106
Multiple vulnerabilities in Foxit PDF Reader

Updated: 01/10/2024
Detect date
?
11/22/2023
Severity
?
High
Description

Multiple vulnerabilities were found in Foxit Reader. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, cause denial of service.

Below is a complete list of vulnerabilities:

  1. Out of bounds read vulnerability can be exploited remotely to execute arbitrary code and obtain sensitive information.
  2. Use after free vulnerability can be exploited remotely to execute arbitrary code.
  3. Code execution vulnerability in Doc object can be exploited remotely to execute arbitrary code.
  4. Type confusion vulnerability can be exploited to cause denial of service and execute arbitrary code.
  5. Use after free vulnerability in AcroForm Doc can be exploited remotely to execute arbitrary code.
  6. Type confusion vulnerability in Annotation can be exploited to cause denial of service.
  7. Out of bounds read vulnerability in Doc can be exploited remotely to obtain sensitive information.
  8. Out of bounds read vulnerability in File Parser can be exploited remotely to obtain sensitive information.
  9. Use after free vulnerability in AcroForm Signature can be exploited remotely to execute arbitrary code.
  10. Out of bounds read vulnerability in combobox can be exploited remotely to obtain sensitive information.
  11. Use after free vulnerability in Signature can be exploited remotely to execute arbitrary code.
  12. Out of bounds read vulnerability in AcroForm Doc can be exploited remotely to obtain sensitive information.
  13. Out of bounds read vulnerability in Bookmark can be exploited remotely to obtain sensitive information.
  14. Out of bounds read vulnerability in AcroForm out-of-bounds can be exploited remotely to obtain sensitive information.
  15. Use after free vulnerability in AcroForm Doc Object can be exploited remotely to execute arbitrary code.
Exploitation

Public exploits exist for this vulnerability.

Affected products

Foxit PDF Reader earlier than 2023.3.0.23028

Solution

Update to the latest version
Download Foxit Reader

Original advisories

Security updates available in Foxit PDF Reader 2023.3 and Foxit PDF Editor 2023.3

Impacts
?
ACE 
[?]

OSI 
[?]

DoS 
[?]
Related products
Foxit Reader
Foxit Reader Enterprise
CVE-IDS
?
CVE-2023-412575.0Warning
CVE-2023-326165.0Warning
CVE-2023-359855.0Warning
CVE-2023-401945.0Warning
CVE-2023-385735.0Warning
Find out the statistics of the vulnerabilities spreading in your region