CVE-2023-42091 - OpenCVE

Foxit PDF Reader XFA Doc Object Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21601.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Foxit	Pdf Reader Pdf Editor

Configuration 1 [-]

OR	cpe:2.3:a:foxit:pdf_editor::::::::
	cpe:2.3:a:foxit:pdf_editor::::::::
	cpe:2.3:a:foxit:pdf_editor::::::::
	cpe:2.3:a:foxit:pdf_editor:2023.1.0.15510:::::::*
	cpe:2.3:a:foxit:pdf_reader::::::::

References

Link	Resource
https://www.foxit.com/support/security-bulletins.html	Patch Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-23-1424/	Third Party Advisory VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: zdi

Published: 2024-05-03T02:13:05.209Z

Updated: 2024-06-04T17:25:22.583Z

Reserved: 2023-09-06T21:14:24.431Z

Link: CVE-2023-42091

JSON object: View

NVD Information

Status : Analyzed

Published: 2024-05-03T03:15:45.980

Modified: 2024-05-23T20:20:52.897

Link: CVE-2023-42091

JSON object: View

Redhat Information

No data.

CWE

CWE-416

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-42091", "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "state": "PUBLISHED", "assignerShortName": "zdi", "dateReserved": "2023-09-06T21:14:24.431Z", "datePublished": "2024-05-03T02:13:05.209Z", "dateUpdated": "2024-06-04T17:25:22.583Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi", "dateUpdated": "2024-05-03T02:13:05.209Z"}, "title": "Foxit PDF Reader XFA Doc Object Use-After-Free Remote Code Execution Vulnerability", "descriptions": [{"lang": "en", "value": "Foxit PDF Reader XFA Doc Object Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of Doc objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21601."}], "affected": [{"vendor": "Foxit", "product": "PDF Reader", "versions": [{"version": "12.1.2.15332", "status": "affected"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-416", "description": "CWE-416: Use After Free", "type": "CWE"}]}], "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1424/", "name": "ZDI-23-1424", "tags": ["x_research-advisory"]}, {"url": "https://www.foxit.com/support/security-bulletins.html", "name": "vendor-provided URL", "tags": ["vendor-advisory"]}], "dateAssigned": "2023-09-06T16:25:45.320-05:00", "datePublic": "2023-09-12T16:00:15.461-05:00", "source": {"lang": "en", "value": "Anonymous"}, "metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH"}}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-42091", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-03T19:11:31.289562Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:foxit:pdf_reader:-:*:*:*:*:*:*:*"], "vendor": "foxit", "product": "pdf_reader", "versions": [{"status": "affected", "version": "12.1.2.15332"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:25:22.583Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*", "matchCriteriaId": "5EAD23A5-0348-4C9A-B358-75547BC34187", "versionEndIncluding": "10.1.12.37872", "vulnerable": true}, {"criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*", "matchCriteriaId": "2B0EC435-6326-47A5-A7BB-1782B2686182", "versionEndIncluding": "11.2.7.53812", "versionStartIncluding": "11.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*", "matchCriteriaId": "34DAD9FB-1ABF-459D-B9BC-537056B3B75B", "versionEndIncluding": "12.1.3.15356", "versionStartIncluding": "12.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:foxit:pdf_editor:2023.1.0.15510:*:*:*:*:*:*:*", "matchCriteriaId": "5EEBA9B0-0481-4B3F-BEC4-0084A237518E", "vulnerable": true}, {"criteria": "cpe:2.3:a:foxit:pdf_reader:*:*:*:*:*:*:*:*", "matchCriteriaId": "903017F2-D223-483F-9E29-3F71745A68D5", "versionEndIncluding": "12.1.3.15356", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Foxit PDF Reader XFA Doc Object Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of Doc objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21601."}, {"lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo Use-After-Free del objeto Foxit PDF Reader XFA Doc. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en instalaciones afectadas de Foxit PDF Reader. Se requiere la interacci\u00f3n del usuario para aprovechar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el manejo de objetos Doc. El problema surge de la falta de validaci\u00f3n de la existencia de un objeto antes de realizar operaciones sobre \u00e9l. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-21601."}], "id": "CVE-2023-42091", "lastModified": "2024-05-23T20:20:52.897", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "zdi-disclosures@trendmicro.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-05-03T03:15:45.980", "references": [{"source": "zdi-disclosures@trendmicro.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.foxit.com/support/security-bulletins.html"}, {"source": "zdi-disclosures@trendmicro.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1424/"}], "sourceIdentifier": "zdi-disclosures@trendmicro.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-416"}], "source": "zdi-disclosures@trendmicro.com", "type": "Secondary"}]}