cvelistv5 - cve-2023-42090

CVE-2023-42090 (GCVE-0-2023-42090)

Vulnerability from cvelistv5 – Published: 2024-05-03 02:13 – Updated: 2024-08-02 19:16

Summary

Foxit PDF Reader XFA Doc Object Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-21596.

Severity ?

3.3 (Low)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

CWE

CWE-125 - Out-of-bounds Read

Assigner

zdi

References

URL

Tags

	https://www.zerodayinitiative.com/advisories/ZDI-…	x_research-advisory
	https://www.foxit.com/support/security-bulletins.html	vendor-advisory

Impacted products

	Vendor	Product	Version
	Foxit	PDF Reader	Affected: 12.1.2.15332

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:foxit:pdf_editor:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pdf_editor",
            "vendor": "foxit",
            "versions": [
              {
                "lessThanOrEqual": "10.1.12.37872",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:foxit:pdf_editor:11.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pdf_editor",
            "vendor": "foxit",
            "versions": [
              {
                "lessThanOrEqual": "11.2.6.53790 ",
                "status": "affected",
                "version": "11.0.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-42090",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-07T16:00:19.739583Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:25:26.123Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T19:16:50.096Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ZDI-23-1423",
            "tags": [
              "x_research-advisory",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1423/"
          },
          {
            "name": "vendor-provided URL",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.foxit.com/support/security-bulletins.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "PDF Reader",
          "vendor": "Foxit",
          "versions": [
            {
              "status": "affected",
              "version": "12.1.2.15332"
            }
          ]
        }
      ],
      "dateAssigned": "2023-09-06T16:25:45.314-05:00",
      "datePublic": "2023-09-12T16:00:10.739-05:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Foxit PDF Reader XFA Doc Object Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of Doc objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-21596."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125: Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-03T02:13:04.409Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "name": "ZDI-23-1423",
          "tags": [
            "x_research-advisory"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1423/"
        },
        {
          "name": "vendor-provided URL",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.foxit.com/support/security-bulletins.html"
        }
      ],
      "source": {
        "lang": "en",
        "value": "Anonymous"
      },
      "title": "Foxit PDF Reader XFA Doc Object Out-Of-Bounds Read Information Disclosure Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2023-42090",
    "datePublished": "2024-05-03T02:13:04.409Z",
    "dateReserved": "2023-09-06T21:14:24.431Z",
    "dateUpdated": "2024-08-02T19:16:50.096Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"10.1.12.37872\", \"matchCriteriaId\": \"5EAD23A5-0348-4C9A-B358-75547BC34187\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.0.0\", \"versionEndIncluding\": \"11.2.7.53812\", \"matchCriteriaId\": \"2B0EC435-6326-47A5-A7BB-1782B2686182\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.0.0\", \"versionEndIncluding\": \"12.1.3.15356\", \"matchCriteriaId\": \"34DAD9FB-1ABF-459D-B9BC-537056B3B75B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:foxit:pdf_editor:2023.1.0.15510:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5EEBA9B0-0481-4B3F-BEC4-0084A237518E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:foxit:pdf_reader:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"12.1.3.15356\", \"matchCriteriaId\": \"903017F2-D223-483F-9E29-3F71745A68D5\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Foxit PDF Reader XFA Doc Object Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\\n\\nThe specific flaw exists within the handling of Doc objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-21596.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de divulgaci\\u00f3n de informaci\\u00f3n de lectura fuera de los l\\u00edmites del objeto XFA Doc de Foxit PDF Reader. Esta vulnerabilidad permite a atacantes remotos revelar informaci\\u00f3n confidencial sobre las instalaciones afectadas de Foxit PDF Reader. Se requiere la interacci\\u00f3n del usuario para aprovechar esta vulnerabilidad, ya que el objetivo debe visitar una p\\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\\u00edfica existe en el manejo de objetos Doc. El problema se debe a la falta de una validaci\\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una lectura m\\u00e1s all\\u00e1 del final de un b\\u00fafer asignado. Un atacante puede aprovechar esto junto con otras vulnerabilidades para ejecutar c\\u00f3digo arbitrario en el contexto del proceso actual. Era ZDI-CAN-21596.\"}]",
      "id": "CVE-2023-42090",
      "lastModified": "2024-11-21T08:22:15.047",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H\", \"baseScore\": 7.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.2}], \"cvssMetricV30\": [{\"source\": \"zdi-disclosures@trendmicro.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N\", \"baseScore\": 3.3, \"baseSeverity\": \"LOW\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 1.4}]}",
      "published": "2024-05-03T03:15:45.817",
      "references": "[{\"url\": \"https://www.foxit.com/support/security-bulletins.html\", \"source\": \"zdi-disclosures@trendmicro.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-23-1423/\", \"source\": \"zdi-disclosures@trendmicro.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.foxit.com/support/security-bulletins.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-23-1423/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}]",
      "sourceIdentifier": "zdi-disclosures@trendmicro.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"zdi-disclosures@trendmicro.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-125\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-125\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-42090\",\"sourceIdentifier\":\"zdi-disclosures@trendmicro.com\",\"published\":\"2024-05-03T03:15:45.817\",\"lastModified\":\"2024-11-21T08:22:15.047\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Foxit PDF Reader XFA Doc Object Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\\n\\nThe specific flaw exists within the handling of Doc objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-21596.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n de lectura fuera de los l\u00edmites del objeto XFA Doc de Foxit PDF Reader. Esta vulnerabilidad permite a atacantes remotos revelar informaci\u00f3n confidencial sobre las instalaciones afectadas de Foxit PDF Reader. Se requiere la interacci\u00f3n del usuario para aprovechar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el manejo de objetos Doc. El problema se debe a la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una lectura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esto junto con otras vulnerabilidades para ejecutar c\u00f3digo arbitrario en el contexto del proceso actual. Era ZDI-CAN-21596.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.2}],\"cvssMetricV30\":[{\"source\":\"zdi-disclosures@trendmicro.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N\",\"baseScore\":3.3,\"baseSeverity\":\"LOW\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"zdi-disclosures@trendmicro.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10.1.12.37872\",\"matchCriteriaId\":\"5EAD23A5-0348-4C9A-B358-75547BC34187\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0.0\",\"versionEndIncluding\":\"11.2.7.53812\",\"matchCriteriaId\":\"2B0EC435-6326-47A5-A7BB-1782B2686182\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.0.0\",\"versionEndIncluding\":\"12.1.3.15356\",\"matchCriteriaId\":\"34DAD9FB-1ABF-459D-B9BC-537056B3B75B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:foxit:pdf_editor:2023.1.0.15510:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5EEBA9B0-0481-4B3F-BEC4-0084A237518E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:foxit:pdf_reader:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"12.1.3.15356\",\"matchCriteriaId\":\"903017F2-D223-483F-9E29-3F71745A68D5\"}]}]}],\"references\":[{\"url\":\"https://www.foxit.com/support/security-bulletins.html\",\"source\":\"zdi-disclosures@trendmicro.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-23-1423/\",\"source\":\"zdi-disclosures@trendmicro.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.foxit.com/support/security-bulletins.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-23-1423/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-23-1423/\", \"name\": \"ZDI-23-1423\", \"tags\": [\"x_research-advisory\", \"x_transferred\"]}, {\"url\": \"https://www.foxit.com/support/security-bulletins.html\", \"name\": \"vendor-provided URL\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T19:16:50.096Z\"}}, {\"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-42090\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-05-07T16:00:19.739583Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:foxit:pdf_editor:-:*:*:*:*:*:*:*\"], \"vendor\": \"foxit\", \"product\": \"pdf_editor\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"10.1.12.37872\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:foxit:pdf_editor:11.0.0:*:*:*:*:*:*:*\"], \"vendor\": \"foxit\", \"product\": \"pdf_editor\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.0.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"11.2.6.53790 \"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-05-07T16:00:12.721Z\"}, \"title\": \"CISA ADP Vulnrichment\"}], \"cna\": {\"title\": \"Foxit PDF Reader XFA Doc Object Out-Of-Bounds Read Information Disclosure Vulnerability\", \"source\": {\"lang\": \"en\", \"value\": \"Anonymous\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_0\": {\"version\": \"3.0\", \"baseScore\": 3.3, \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N\"}}], \"affected\": [{\"vendor\": \"Foxit\", \"product\": \"PDF Reader\", \"versions\": [{\"status\": \"affected\", \"version\": \"12.1.2.15332\"}], \"defaultStatus\": \"unknown\"}], \"datePublic\": \"2023-09-12T16:00:10.739-05:00\", \"references\": [{\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-23-1423/\", \"name\": \"ZDI-23-1423\", \"tags\": [\"x_research-advisory\"]}, {\"url\": \"https://www.foxit.com/support/security-bulletins.html\", \"name\": \"vendor-provided URL\", \"tags\": [\"vendor-advisory\"]}], \"dateAssigned\": \"2023-09-06T16:25:45.314-05:00\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"Foxit PDF Reader XFA Doc Object Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\\n\\nThe specific flaw exists within the handling of Doc objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-21596.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-125\", \"description\": \"CWE-125: Out-of-bounds Read\"}]}], \"providerMetadata\": {\"orgId\": \"99f1926a-a320-47d8-bbb5-42feb611262e\", \"shortName\": \"zdi\", \"dateUpdated\": \"2024-05-03T02:13:04.409Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-42090\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-02T19:16:50.096Z\", \"dateReserved\": \"2023-09-06T21:14:24.431Z\", \"assignerOrgId\": \"99f1926a-a320-47d8-bbb5-42feb611262e\", \"datePublished\": \"2024-05-03T02:13:04.409Z\", \"assignerShortName\": \"zdi\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

FKIE_CVE-2023-42090

Vulnerability from fkie_nvd - Published: 2024-05-03 03:15 - Updated: 2024-11-21 08:22

Severity ?

7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Summary

References

URL	Tags
zdi-disclosures@trendmicro.com	https://www.foxit.com/support/security-bulletins.html	Patch, Vendor Advisory
zdi-disclosures@trendmicro.com	https://www.zerodayinitiative.com/advisories/ZDI-23-1423/	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.foxit.com/support/security-bulletins.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.zerodayinitiative.com/advisories/ZDI-23-1423/	Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
foxit	pdf_editor	*
foxit	pdf_editor	*
foxit	pdf_editor	*
foxit	pdf_editor	2023.1.0.15510
foxit	pdf_reader	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EAD23A5-0348-4C9A-B358-75547BC34187",
              "versionEndIncluding": "10.1.12.37872",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B0EC435-6326-47A5-A7BB-1782B2686182",
              "versionEndIncluding": "11.2.7.53812",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "34DAD9FB-1ABF-459D-B9BC-537056B3B75B",
              "versionEndIncluding": "12.1.3.15356",
              "versionStartIncluding": "12.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:foxit:pdf_editor:2023.1.0.15510:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EEBA9B0-0481-4B3F-BEC4-0084A237518E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:foxit:pdf_reader:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "903017F2-D223-483F-9E29-3F71745A68D5",
              "versionEndIncluding": "12.1.3.15356",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Foxit PDF Reader XFA Doc Object Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of Doc objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-21596."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n de lectura fuera de los l\u00edmites del objeto XFA Doc de Foxit PDF Reader. Esta vulnerabilidad permite a atacantes remotos revelar informaci\u00f3n confidencial sobre las instalaciones afectadas de Foxit PDF Reader. Se requiere la interacci\u00f3n del usuario para aprovechar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el manejo de objetos Doc. El problema se debe a la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una lectura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esto junto con otras vulnerabilidades para ejecutar c\u00f3digo arbitrario en el contexto del proceso actual. Era ZDI-CAN-21596."
    }
  ],
  "id": "CVE-2023-42090",
  "lastModified": "2024-11-21T08:22:15.047",
  "metrics": {
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 3.3,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 1.4,
        "source": "zdi-disclosures@trendmicro.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-05-03T03:15:45.817",
  "references": [
    {
      "source": "zdi-disclosures@trendmicro.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.foxit.com/support/security-bulletins.html"
    },
    {
      "source": "zdi-disclosures@trendmicro.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1423/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.foxit.com/support/security-bulletins.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1423/"
    }
  ],
  "sourceIdentifier": "zdi-disclosures@trendmicro.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "zdi-disclosures@trendmicro.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-VWX9-WPFQ-72Q9

Vulnerability from github – Published: 2024-05-03 03:31 – Updated: 2024-05-03 03:31

Details

The specific flaw exists within the handling of Doc objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-21596.

Severity ?

3.3 (Low)


                  
                    CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-42090"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-03T03:15:45Z",
    "severity": "LOW"
  },
  "details": "Foxit PDF Reader XFA Doc Object Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of Doc objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-21596.",
  "id": "GHSA-vwx9-wpfq-72q9",
  "modified": "2024-05-03T03:31:01Z",
  "published": "2024-05-03T03:31:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42090"
    },
    {
      "type": "WEB",
      "url": "https://www.foxit.com/support/security-bulletins.html"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1423"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2023-42090

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Aliases

CVE-2023-42090

Aliases

CVE-2023-42090

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-42090",
    "id": "GSD-2023-42090"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-42090"
      ],
      "id": "GSD-2023-42090",
      "modified": "2023-12-13T01:20:22.027920Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2023-42090",
        "STATE": "RESERVED"
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
          }
        ]
      }
    }
  }
}

WID-SEC-W-2023-2304

Vulnerability from csaf_certbund - Published: 2023-09-11 22:00 - Updated: 2023-09-12 22:00

Summary

Foxit PDF Editor und Foxit PDF Reader: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Foxit PDF Editor ist ein Tool zur Bearbeitung von PDF-Dateien. Foxit Reader ist ein PDF Reader.

Angriff

Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Foxit PDF Editor und Foxit Reader ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand zu verursachen.

Betroffene Betriebssysteme

- Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Foxit PDF Editor ist ein Tool zur Bearbeitung von PDF-Dateien.\r\nFoxit Reader ist ein PDF Reader.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Foxit PDF Editor und Foxit Reader ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand zu verursachen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-2304 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2304.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-2304 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2304"
      },
      {
        "category": "external",
        "summary": "Foxit Security Bulletin vom 2023-09-11",
        "url": "https://www.foxit.com/support/security-bulletins.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Foxit PDF Editor und Foxit PDF Reader: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-09-12T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:58:13.224+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-2304",
      "initial_release_date": "2023-09-11T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-09-11T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-09-12T22:00:00.000+00:00",
          "number": "2",
          "summary": "CVE Nummern erg\u00e4nzt"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Foxit PDF Editor \u003c 2023.2",
            "product": {
              "name": "Foxit PDF Editor \u003c 2023.2",
              "product_id": "T029777",
              "product_identification_helper": {
                "cpe": "cpe:/a:foxitsoftware:pdf_editor:2023.2"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Foxit Reader \u003c 2023.2",
            "product": {
              "name": "Foxit Reader \u003c 2023.2",
              "product_id": "T029778",
              "product_identification_helper": {
                "cpe": "cpe:/a:foxitsoftware:foxit_reader:2023.2"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Foxit"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-42098",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Foxit PDF Editor und Foxit Reader. Der Fehler besteht aufgrund mehrerer Use-after-free-Fehler, mehrerer NULL-Zeiger-Dereferenzen und bei der Verwendung spezieller JavaScripts. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Informationen offenzulegen und einen Denial-of-Service-Zustand zu verursachen. Die erfolgreiche Ausnutzung dieser Schwachstellen erfordert eine Benutzerinteraktion."
        }
      ],
      "release_date": "2023-09-11T22:00:00.000+00:00",
      "title": "CVE-2023-42098"
    },
    {
      "cve": "CVE-2023-42097",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Foxit PDF Editor und Foxit Reader. Der Fehler besteht aufgrund mehrerer Use-after-free-Fehler, mehrerer NULL-Zeiger-Dereferenzen und bei der Verwendung spezieller JavaScripts. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Informationen offenzulegen und einen Denial-of-Service-Zustand zu verursachen. Die erfolgreiche Ausnutzung dieser Schwachstellen erfordert eine Benutzerinteraktion."
        }
      ],
      "release_date": "2023-09-11T22:00:00.000+00:00",
      "title": "CVE-2023-42097"
    },
    {
      "cve": "CVE-2023-42096",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Foxit PDF Editor und Foxit Reader. Der Fehler besteht aufgrund mehrerer Use-after-free-Fehler, mehrerer NULL-Zeiger-Dereferenzen und bei der Verwendung spezieller JavaScripts. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Informationen offenzulegen und einen Denial-of-Service-Zustand zu verursachen. Die erfolgreiche Ausnutzung dieser Schwachstellen erfordert eine Benutzerinteraktion."
        }
      ],
      "release_date": "2023-09-11T22:00:00.000+00:00",
      "title": "CVE-2023-42096"
    },
    {
      "cve": "CVE-2023-42095",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Foxit PDF Editor und Foxit Reader. Der Fehler besteht aufgrund mehrerer Use-after-free-Fehler, mehrerer NULL-Zeiger-Dereferenzen und bei der Verwendung spezieller JavaScripts. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Informationen offenzulegen und einen Denial-of-Service-Zustand zu verursachen. Die erfolgreiche Ausnutzung dieser Schwachstellen erfordert eine Benutzerinteraktion."
        }
      ],
      "release_date": "2023-09-11T22:00:00.000+00:00",
      "title": "CVE-2023-42095"
    },
    {
      "cve": "CVE-2023-42094",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Foxit PDF Editor und Foxit Reader. Der Fehler besteht aufgrund mehrerer Use-after-free-Fehler, mehrerer NULL-Zeiger-Dereferenzen und bei der Verwendung spezieller JavaScripts. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Informationen offenzulegen und einen Denial-of-Service-Zustand zu verursachen. Die erfolgreiche Ausnutzung dieser Schwachstellen erfordert eine Benutzerinteraktion."
        }
      ],
      "release_date": "2023-09-11T22:00:00.000+00:00",
      "title": "CVE-2023-42094"
    },
    {
      "cve": "CVE-2023-42093",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Foxit PDF Editor und Foxit Reader. Der Fehler besteht aufgrund mehrerer Use-after-free-Fehler, mehrerer NULL-Zeiger-Dereferenzen und bei der Verwendung spezieller JavaScripts. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Informationen offenzulegen und einen Denial-of-Service-Zustand zu verursachen. Die erfolgreiche Ausnutzung dieser Schwachstellen erfordert eine Benutzerinteraktion."
        }
      ],
      "release_date": "2023-09-11T22:00:00.000+00:00",
      "title": "CVE-2023-42093"
    },
    {
      "cve": "CVE-2023-42092",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Foxit PDF Editor und Foxit Reader. Der Fehler besteht aufgrund mehrerer Use-after-free-Fehler, mehrerer NULL-Zeiger-Dereferenzen und bei der Verwendung spezieller JavaScripts. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Informationen offenzulegen und einen Denial-of-Service-Zustand zu verursachen. Die erfolgreiche Ausnutzung dieser Schwachstellen erfordert eine Benutzerinteraktion."
        }
      ],
      "release_date": "2023-09-11T22:00:00.000+00:00",
      "title": "CVE-2023-42092"
    },
    {
      "cve": "CVE-2023-42091",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Foxit PDF Editor und Foxit Reader. Der Fehler besteht aufgrund mehrerer Use-after-free-Fehler, mehrerer NULL-Zeiger-Dereferenzen und bei der Verwendung spezieller JavaScripts. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Informationen offenzulegen und einen Denial-of-Service-Zustand zu verursachen. Die erfolgreiche Ausnutzung dieser Schwachstellen erfordert eine Benutzerinteraktion."
        }
      ],
      "release_date": "2023-09-11T22:00:00.000+00:00",
      "title": "CVE-2023-42091"
    },
    {
      "cve": "CVE-2023-42090",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Foxit PDF Editor und Foxit Reader. Der Fehler besteht aufgrund mehrerer Use-after-free-Fehler, mehrerer NULL-Zeiger-Dereferenzen und bei der Verwendung spezieller JavaScripts. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Informationen offenzulegen und einen Denial-of-Service-Zustand zu verursachen. Die erfolgreiche Ausnutzung dieser Schwachstellen erfordert eine Benutzerinteraktion."
        }
      ],
      "release_date": "2023-09-11T22:00:00.000+00:00",
      "title": "CVE-2023-42090"
    },
    {
      "cve": "CVE-2023-42089",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Foxit PDF Editor und Foxit Reader. Der Fehler besteht aufgrund mehrerer Use-after-free-Fehler, mehrerer NULL-Zeiger-Dereferenzen und bei der Verwendung spezieller JavaScripts. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Informationen offenzulegen und einen Denial-of-Service-Zustand zu verursachen. Die erfolgreiche Ausnutzung dieser Schwachstellen erfordert eine Benutzerinteraktion."
        }
      ],
      "release_date": "2023-09-11T22:00:00.000+00:00",
      "title": "CVE-2023-42089"
    },
    {
      "cve": "CVE-2023-39542",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in Foxit PDF Editor und Foxit Reader. Der Fehler besteht aufgrund mehrerer Use-after-free-Fehler, mehrerer NULL-Zeiger-Dereferenzen und bei der Verwendung spezieller JavaScripts. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Informationen offenzulegen und einen Denial-of-Service-Zustand zu verursachen. Die erfolgreiche Ausnutzung dieser Schwachstellen erfordert eine Benutzerinteraktion."
        }
      ],
      "release_date": "2023-09-11T22:00:00.000+00:00",
      "title": "CVE-2023-39542"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-42090 (GCVE-0-2023-42090)

FKIE_CVE-2023-42090

GHSA-VWX9-WPFQ-72Q9

GSD-2023-42090

WID-SEC-W-2023-2304

Tags

Sightings

Nomenclature