Foxit Reader: Access of Resource Using Incompatible Type ('Type Confusion') (CVE-2023-41257)

发布于3月6日3月6日

Members

Foxit Reader: Access of Resource Using Incompatible Type ('Type Confusion') (CVE-2023-41257)

Severity

CVSS

(AV:N/AC:M/Au:N/C:C/I:C/A:C)

Published

11/27/2023

Created

12/05/2023

Added

12/04/2023

Modified

01/28/2025

Description

A type confusion vulnerability exists in the way Foxit Reader 12.1.2.15356 handles field value properties.A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.

Solution(s)

foxit-reader-upgrade-latest

References

https://attackerkb.com/topics/cve-2023-41257
CVE - 2023-41257
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1838

引用

Mention

登录

Foxit Reader: Access of Resource Using Incompatible Type ('Type Confusion') (CVE-2023-41257)

recommended_posts

Foxit Reader: Access of Resource Using Incompatible Type ('Type Confusion') (CVE-2023-41257)

Description

Solution(s)

References

参与讨论

欢迎来到红帽社区

帐户

导航

搜索