Other official information and services: www.belgium.be

Warning: Multiple vulnerabilities in Foxit PDF, Patch Immediately!

Reference:

Advisory #2023-144

Version:

1.0

Affected software:

Foxit PDF Reader

Foxit PDF Editor

Type:

Arbitrary Code Execution

CVE/CVSS:

CVE-2023-41257: 8.8 – CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-38573: 8.8 – CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-39542: 8.8 – CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-40194: 8.8 – CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-35985: 8.8 – CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-32616: 8.8 – CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Datum:

29/11/2023

Sources

Foxit Security Bulletin - https://www.foxit.com/support/security-bulletins.html

Risks

Specially crafted malicious PDF documents can trigger a vulnerability listed below and lead to Remote Code Execution (RCE) when opened by a vulnerable version of Foxit PDF. If a user is using the browser plugin extension, the vulnerabilities can be triggered by opening a malicious PDF in the web browser or by visiting a malicious site.

The Centre for Cyber Security Belgium is aware of older vulnerabilities in Foxit PDF (CVE-2023-27363) being actively exploited. The CCB assesses threat actors will likely try to exploit these vulnerabilities.

Description

All vulnerabilities require an attacker to trick a user into opening a malicious file or visit a malicious site with the browser plugin enabled.

CVE-2023-41257
Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution.

CVE-2023-40194, CVE-2023-39542, CVE-2023-35985
A malicious file can create files at arbitrary locations, which can lead to arbitrary code execution.

CVE-2023-38573, CVE-2023-32616
Javascript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution.

Recommended Actions

The Centre for Cyber Security Belgium strongly recommends system administrators to update Foxit PDF to the latest version.

References

InfoTech & InfoSec News - https://meterpreter.org/foxit-reader-users-beware-multiple-vulnerabiliti...

Cisco Talos - https://talosintelligence.com/vulnerability_reports/TALOS-2023-1832

Cisco Talos - https://talosintelligence.com/vulnerability_reports/TALOS-2023-1838

Cisco Talos - https://talosintelligence.com/vulnerability_reports/TALOS-2023-1834

Cisco Talos - https://talosintelligence.com/vulnerability_reports/TALOS-2023-1833

Cisco Talos - https://talosintelligence.com/vulnerability_reports/TALOS-2023-1837

Cisco Talos - https://talosintelligence.com/vulnerability_reports/TALOS-2023-1839