First published: Wed Jul 19 2023(Updated: )
A type confusion vulnerability exists in the Javascript checkThisBox method as implemented in Foxit Reader 12.1.2.15332. A specially-crafted Javascript code inside a malicious PDF document can cause memory corruption and lead to remote code execution. User would need to open a malicious file to trigger the vulnerability.
Credit: talos-cna@cisco.com talos-cna@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Foxit PDF Reader | =12.1.2.15332 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2023-32664.
The severity of CVE-2023-32664 is high.
Foxit PDF Reader version 12.1.2.15332 is affected by CVE-2023-32664.
A specially-crafted Javascript code inside a malicious PDF document can cause memory corruption and lead to remote code execution when opened by the user.
Yes, upgrading to a version of Foxit PDF Reader that is not affected by CVE-2023-32664 will fix the vulnerability.