CVE-2023-35985
First published: Mon Nov 27 2023(Updated: )
An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to a failure to properly validate a dangerous extension. A specially crafted malicious file can create files at arbitrary locations, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted malicious site if the browser plugin extension is enabled.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Foxitsoftware Foxit Reader | =12.1.3.15356 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2023-35985?
CVE-2023-35985 is an arbitrary file creation vulnerability in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356.
How does CVE-2023-35985 impact Foxit Reader?
CVE-2023-35985 allows an attacker to create files at arbitrary locations, which can lead to arbitrary code execution in Foxit Reader 12.1.3.15356.
What is the severity of CVE-2023-35985?
CVE-2023-35985 has a severity rating of 8.8 (high).
How do I fix CVE-2023-35985?
To fix CVE-2023-35985, it is recommended to update Foxit Reader to version 12.1.4 or later, which addresses the vulnerability.
Where can I find more information about CVE-2023-35985?
You can find more information about CVE-2023-35985 at the following links: [Link 1](https://talosintelligence.com/vulnerability_reports/TALOS-2023-1834), [Link 2](https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1834)
- collector/mitre-cve
- collector/nvd-api
- vendor/foxitsoftware
- canonical/foxitsoftware foxit reader
- version/foxitsoftware foxit reader/12.1.3.15356