#VU83188 External Control of File Name or Path in Foxit PDF Editor (formerly Foxit PhantomPDF)

 

Published: November 15, 2023 / Updated: November 22, 2023


Vulnerability identifier: #VU83188
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: N/A
CWE-ID: CWE-73
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Foxit PDF Editor (formerly Foxit PhantomPDF)
Software vendor: Foxit Software Inc.

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists because the application allows an attacker to control the path of the files to execute when the OpenAction method is used within a PDF file. A remote attacker can trick the victim into opening a specially crafted PDF file and execute arbitrary commands on the system.
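
For triage of incoming documents, the following is an added example (not from this advisory or from Foxit): a Python heuristic that lists each /OpenAction entry in a PDF and flags those whose action names an external file. The advisory does not say which action type is involved, so the set of flagged types, the function name `open_actions` and the sample bytes are assumptions; only uncompressed objects are inspected.

```python
import re

# PDF action types (/S values) that name an external file or program.
# Assumption: the advisory does not say which type the flaw involves.
FILE_ACTIONS = {b"Launch", b"GoToR", b"GoToE", b"ImportData"}

OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.S)
REF_RE = re.compile(rb"(\d+)\s+(\d+)\s+R")
TYPE_RE = re.compile(rb"/S\s*/(\w+)")
FILE_RE = re.compile(rb"/F\s*\((.*?)\)", re.S)

def open_actions(pdf: bytes) -> list:
    """Return one finding per /OpenAction entry in uncompressed objects."""
    objs = {(int(n), int(g)): body for n, g, body in OBJ_RE.findall(pdf)}
    findings = []
    for body in objs.values():
        for m in re.finditer(rb"/OpenAction\s*", body):
            rest = body[m.end():]
            ref = REF_RE.match(rest)
            if ref:  # indirect reference: follow it to the action object
                rest = objs.get((int(ref.group(1)), int(ref.group(2))), b"")
            if rest.lstrip().startswith(b"["):
                continue  # explicit destination (a page view), not an action
            kind = TYPE_RE.search(rest)
            kind = kind.group(1) if kind else b"unknown"
            files = [f.decode("latin-1") for f in FILE_RE.findall(rest)]
            findings.append({"action": kind.decode("latin-1"), "files": files,
                             "suspicious": kind in FILE_ACTIONS or bool(files)})
    return findings

# Constructed sample bytes (not a real document, placeholder file name).
SAMPLE = b"""%PDF-1.7
1 0 obj
<< /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >>
endobj
3 0 obj
<< /Type /Action /S /Launch /F (constructed-example.bin) >>
endobj
"""
# Constructed benign case: OpenAction is only a page destination.
BENIGN = b"""%PDF-1.7
1 0 obj
<< /Type /Catalog /Pages 2 0 R /OpenAction [3 0 R /Fit] >>
endobj
"""

if __name__ == "__main__":
    for finding in open_actions(SAMPLE) + open_actions(BENIGN):
        print(finding)
```

A clean result does not clear a file: actions stored inside compressed object streams are not seen by this scan, so decompress the document with a PDF toolkit first when that matters.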


Remediation

Install updates from the vendor's website.
