Warning: Multiple vulnerabilities in Foxit PDF Reader and Editor products can lead to Remote Code Execution
CVE-2023-28744: CVSS 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVE-2023-32664: CVSS 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Bronnen
https://www.foxit.com/support/security-bulletins.html
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1739
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1795
Risico’s
Most vulnerabilities fixed in the updates can lead to Remote Code Execution, which causes total impact in the confidentiality, integrity and availability of the vulnerable system. Attack complexity is low and there are no privileges required. Additionally, Talos has published proof-of-concept code for some of the vulnerabilities.
At the moment of writing there is no sign of the vulnerabilities being exploited in the wild. Nonetheless, malicious PDF documents are often used by attackers during phishing or social engineering attacks to execute malicious code on the victim's computer. This makes these vulnerabilities highly likely to be exploited in the future.
Beschrijving
Foxit released security updates for Foxit PDF Editor and Foxit PDF Editor for the platforms Windows and MacOS. The updates fix several vulnerabilities that can lead to Remote Code Execution. A small number of them are described below.
CVE-2023-28744
CVSS 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVE-2023-28744 is a use-after-free vulnerability in the JavaScript engine of Foxit PDF Reader. A specially crafted PDF document can be send to a victim, who by opening it, can trigger the reuse of previously freed memory that can lead to memory corruption and arbitrary code execution. The vulnerability can also be exploited if the victim visits a malicious website and has the PDF plugin extension enabled in the browser.
CVE-2023-32664
CVSS 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVE-2023-32664 is a type confusion vulnerability in the JavaScript checkThisBox method as implemented in Foxit PDF Reader. A specially crafted JavaScript code inside a malicious PDF document can cause memory corruption and lead to Remote Code Execution. User interaction is required.
Aanbevolen acties
The Centre for Cybersecurity Belgium strongly recommends to update the affected software as soon as possible.
- For Foxit PDF Editor and Reader, update to version 12.1.3.
- For Foxit PDF Editor and Reader for Mac, update to version 12.1.1