CVE-2023-41257

EPSS 0.01%
Published 27.11.2023 16:15:11
Last modified 21.11.2024 08:20:55
Source talos-cna@cisco.com
Teams watchlist Login
Open Login

A type confusion vulnerability exists in the way Foxit Reader 12.1.2.15356 handles field value properties.  A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Foxitsoftware ≫ Foxit Reader Version12.1.3.15356

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.01%	0.005

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
talos-cna@cisco.com	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')

The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

https://talosintelligence.com/vulnerability_reports/TALOS-2023-1838

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-41257

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-41257

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-41257

EUVD