Vulnerability Details : CVE-2023-39542
Potential exploit
A code execution vulnerability exists in the Javascript saveAs API of Foxit Reader 12.1.3.15356. A specially crafted malformed file can create arbitrary files, which can lead to remote code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.
Vulnerability category: File inclusion, Execute code
Products affected by CVE-2023-39542
- cpe:2.3:a:foxitsoftware:foxit_reader:12.1.3.15356:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-39542
- 0.45%: probability of exploitation activity in the next 30 days
- ~61%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-39542
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST | |
8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 | Talos | |
CWE ids for CVE-2023-39542
- The product allows user input to control or influence paths or file names that are used in filesystem operations. Assigned by: talos-cna@cisco.com (Secondary)
- The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere. Assigned by: nvd@nist.gov (Primary)
References for CVE-2023-39542
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1832
  TALOS-2023-1832 || Cisco Talos Intelligence Group - Comprehensive Threat Intelligence
- https://talosintelligence.com/vulnerability_reports/TALOS-2023-1832
  TALOS-2023-1832 || Cisco Talos Intelligence Group - Comprehensive Threat Intelligence (Exploit; Third Party Advisory)