Foxit Reader Users Beware: Multiple Vulnerabilities Expose Users to Remote Code Execution

Popular PDF reader Foxit Reader has been found to harbor multiple security vulnerabilities that could allow attackers to remotely execute malicious code on vulnerable systems. These vulnerabilities, discovered by researchers from Cisco’s Talos Vulnerability Development Team [1, 2, 3, 4, 5, 6], affect Foxit Reader versions 12.1.3.15356 and possibly earlier.

The vulnerabilities, a total of six, include two use-after-free vulnerabilities, an arbitrary file creation vulnerability, a type confusion vulnerability, and two arbitrary file creation vulnerabilities. These flaws could be exploited by tricking users into opening specially crafted PDF files or visiting malicious websites.

Successful exploitation of these vulnerabilities could allow attackers to gain control of affected systems, potentially leading to data breaches, malware infections, and other serious consequences.

Vulnerability Breakdown

Here’s a breakdown of the vulnerabilities and their potential impacts:

1. CVE-2023-38573 (CVSS score: 8.8): This use-after-free vulnerability arises from the way Foxit Reader handles a signature field. An attacker could exploit this flaw to inject malicious code into the system.

2. CVE-2023-32616 (CVSS score: 8.8): This use-after-free vulnerability stems from the way Foxit Reader handles 3D annotations. An attacker could exploit this flaw to crash the application or execute arbitrary code.

3. CVE-2023-35985 (CVSS score: 8.8): This arbitrary file creation vulnerability stems from the way Foxit Reader handles field value properties. An attacker could exploit this flaw to create malicious files that, when opened, could compromise the system.

4. CVE-2023-41257 (CVSS score: 8.8): This type confusion vulnerability stems from the way Foxit Reader handles the ‘saveAs’ method of the Doc object. An attacker could exploit this flaw to execute arbitrary code.

5. CVE-2023-40194 (CVSS score: 8.8): This arbitrary file creation vulnerability stems from the failure to properly validate a dangerous extension. An attacker could exploit this flaw to create malicious files that, when opened, could compromise the system.

6. CVE-2023-39542 (CVSS score: 8.8): This arbitrary file creation vulnerability stems from the way Foxit Reader handles the ‘exportDataObject’ method of the Doc object. An attacker could exploit this flaw to create malicious files that, when opened, could compromise the system.

Protecting Yourself

To protect themselves from these vulnerabilities, Foxit Reader users are strongly advised to update their software to the latest version, which addresses all six flaws. Additionally, users should exercise caution when opening PDF files from unknown sources and avoid visiting suspicious websites.