CVE-2023-35985

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Nov 27, 2023

Updated: Dec 1, 2023

CWE ID 610

CWE ID 73

Summary

CVE-2023-35985 is a vulnerability affecting Foxit Reader 12.1.3.15356, where the Javascript exportDataObject API fails to validate dangerous file extensions during arbitrary file creation. A malicious file can be crafted to create files at arbitrary locations, potentially leading to arbitrary code execution. For exploitation, an attacker needs the user to open the malicious file or visit a specially-crafted malicious website with the browser plugin enabled.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Foxitsoftware Foxit Reader

Affected Vendors

Foxit Software Inc.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sWy3T5
https://www.cve.org/CVERecord?id=CVE-2023-35985
https://nvd.nist.gov/vuln/detail/CVE-2023-35985

Back to Vulnerability Database