CVE-2023-32664 - OpenCVE

A type confusion vulnerability exists in the Javascript checkThisBox method as implemented in Foxit Reader 12.1.2.15332. Specially crafted Javascript code inside a malicious PDF document can cause memory corruption and lead to remote code execution. User would need to open a malicious file to trigger the vulnerability.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Foxit	Pdf Reader

Configuration 1 [-]

cpe:2.3:a:foxit:pdf_reader:12.1.2.15332:*:*:*:*:*:*:*

References

Link	Resource
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1795	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: talos

Published: 2023-07-19T13:16:36.811Z

Updated: 2023-09-15T18:34:53.320Z

Reserved: 2023-06-27T19:06:57.949Z

Link: CVE-2023-32664

JSON object: View

NVD Information

Status : Modified

Published: 2023-07-19T14:15:10.207

Modified: 2023-09-15T19:15:07.340

Link: CVE-2023-32664

JSON object: View

Redhat Information

No data.

CWE

CWE-843

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:foxit:pdf_reader:12.1.2.15332:*:*:*:*:*:*:*", "matchCriteriaId": "03BAF434-E618-4E4D-AABE-BE5A1298F877", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A type confusion vulnerability exists in the Javascript checkThisBox method as implemented in Foxit Reader 12.1.2.15332. Specially crafted Javascript code inside a malicious PDF document can cause memory corruption and lead to remote code execution. User would need to open a malicious file to trigger the vulnerability."}, {"lang": "es", "value": "Existe una vulnerabilidad de confusi\u00f3n de tipos en el m\u00e9todo checkThisBox de Javascript implementado en Foxit Reader 12.1.2.15332. El c\u00f3digo Javascript especialmente manipulado dentro de un documento PDF malicioso puede da\u00f1ar la memoria y provocar la ejecuci\u00f3n remota de c\u00f3digo. El usuario tendr\u00eda que abrir un archivo malicioso para activar la vulnerabilidad."}], "id": "CVE-2023-32664", "lastModified": "2023-09-15T19:15:07.340", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "talos-cna@cisco.com", "type": "Secondary"}]}, "published": "2023-07-19T14:15:10.207", "references": [{"source": "talos-cna@cisco.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1795"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-843"}], "source": "talos-cna@cisco.com", "type": "Primary"}]}