SB2023041948 - Multiple vulnerabilities in Foxit PDF Reader and Editor
Published: April 19, 2023 Updated: June 17, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 6 secuirty vulnerabilities.
1) External Control of File Name or Path (CVE-ID: CVE-2023-27363)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to improper handling of the cPath parameter in the exportXFAData method. A remote attacker can write an arbitrary file with .hta extension to the Startup folder and execute arbitrary code after a restart.
2) Exposed dangerous method or function (CVE-ID: CVE-2023-27364)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to improperly imposed security restrictions on macro-enabled documents when handling XLS files. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary macro without proper restrictions or consents from users.
3) Exposed dangerous method or function (CVE-ID: CVE-2023-27365)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to improperly imposed security restrictions on macro-enabled documents when handling DOC files. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary macro without proper restrictions or consents from users.
4) Use-after-free (CVE-ID: CVE-2023-27366)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when handling Doc objects. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
5) Incorrect default permissions (CVE-ID: N/A)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to incorrect default permissions for files and folders that are set by the application, if application is installed in a non-standard directory. A local user with access to the system can view contents of files and directories or modify them.
6) Input validation error (CVE-ID: N/A)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of XFA JavaScripts. A remote attacker can trick the victim to open a specially crafted file and crash the application.
Remediation
Install update from vendor's website.
References
- https://www.foxitsoftware.com/support/security-bulletins.html
- https://www.zerodayinitiative.com/advisories/ZDI-23-491/
- https://www.foxitsoftware.com/support/security-bulletins.html?Security+updates+available+in+Foxit+PDF+Reader+12.1.2+and+Foxit+PDF+Editor+12.1.22023-04-19+00%3A00%3A00
- https://www.zerodayinitiative.com/advisories/ZDI-23-492/
- https://www.zerodayinitiative.com/advisories/ZDI-23-493/
- https://www.zerodayinitiative.com/advisories/ZDI-23-494/