CVE-2023-39542
First published: Mon Nov 27 2023(Updated: )
A code execution vulnerability exists in the Javascript saveAs API of Foxit Reader 12.1.3.15356. A specially crafted malformed file can create arbitrary files, which can lead to remote code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Foxitsoftware Foxit Reader | =12.1.3.15356 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2023-39542?
CVE-2023-39542 is a code execution vulnerability in the Javascript saveAs API of Foxit Reader 12.1.3.15356.
How does CVE-2023-39542 affect Foxit Reader?
CVE-2023-39542 allows a specially crafted malformed file to create arbitrary files, leading to remote code execution in Foxit Reader 12.1.3.15356.
How can an attacker exploit CVE-2023-39542?
To exploit CVE-2023-39542, an attacker needs to trick the user into opening a malicious file.
What is the severity of CVE-2023-39542?
CVE-2023-39542 has a severity value of 8.8, indicating a high severity.
Is there a fix for CVE-2023-39542?
At this time, there is no known fix for CVE-2023-39542. It is recommended to follow the vendor's guidance for updates and patches.
- collector/mitre-cve
- collector/nvd-api
- agent/references
- vendor/foxitsoftware
- canonical/foxitsoftware foxit reader
- version/foxitsoftware foxit reader/12.1.3.15356