7.8
CVE-2023-27363
- EPSS 81.87%
- Published 03.05.2024 02:15:14
- Last modified 11.08.2025 19:31:05
- Source zdi-disclosures@trendmicro.com
Foxit PDF Reader exportXFAData Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the exportXFAData method. The application exposes a JavaScript interface that allows writing arbitrary files. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-19697.
Data is provided by the National Vulnerability Database (NVD)
Foxit ≫ Pdf Editor Version < 10.1.11.37866
Foxit ≫ Pdf Editor Version >= 11.0.0.49893 < 11.2.5.53785
Foxit ≫ Pdf Editor Version >= 12.0.0.12394 < 12.1.1.15289
Foxit ≫ Pdf Reader Version < 12.1.1.15289
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 81.87% | 0.992 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
zdi-disclosures@trendmicro.com | 7.8 | 1.8 | 5.9 | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
CWE-749 Exposed Dangerous Method or Function
The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.