Reference: Advisory #2023-144
Version: 1.0
Affected software: Foxit PDF Editor, Foxit PDF Reader
Type: Arbitrary Code Execution
CVE/CVSS:
CVE-2023-41257: 8.8 – CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-38573: 8.8 – CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-39542: 8.8 – CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-40194: 8.8 – CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-35985: 8.8 – CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-32616: 8.8 – CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Foxit Security Bulletin - https://www.foxit.com/support/security-bulletins.html
Specially crafted malicious PDF documents can trigger a vulnerability listed below and lead to Remote Code Execution (RCE) when opened by a vulnerable version of Foxit PDF. If a user is using the browser plugin extension, the vulnerabilities can be triggered by opening a malicious PDF in the web browser or by visiting a malicious site.
The Centre for Cyber Security Belgium is aware of older vulnerabilities in Foxit PDF (CVE-2023-27363) being actively exploited. The CCB assesses that threat actors will likely try to exploit these vulnerabilities.
All vulnerabilities require an attacker to trick a user into opening a malicious file or visiting a malicious site with the browser plugin enabled.
CVE-2023-41257
JavaScript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution.
CVE-2023-40194, CVE-2023-39542, CVE-2023-35985
A malicious file can create files at arbitrary locations, which can lead to arbitrary code execution.
CVE-2023-38573, CVE-2023-32616
JavaScript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution.
The Centre for Cyber Security Belgium strongly recommends that system administrators update Foxit PDF to the latest version.
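An added example, not part of the CCB advisory or of Foxit's tooling: a triage helper for a mail gateway or file share that flags PDFs carrying JavaScript, the trigger described above for CVE-2023-41257, CVE-2023-38573 and CVE-2023-32616. The name lists, verdict labels and sample documents are assumptions constructed for this example.

```python
import re

# Name lists and verdict labels are assumptions of this example.
SCRIPT_NAMES = (b"/JS", b"/JavaScript")      # embedded JavaScript
TRIGGER_NAMES = (b"/OpenAction", b"/AA")     # actions that run on open/page events
HIDING_NAMES = (b"/ObjStm",)                 # compressed object streams

_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
# A PDF name runs from "/" to the next whitespace or delimiter character.
_NAME = re.compile(rb"/[^\x00\t\n\x0c\r ()<>\[\]{}/%]+")


def normalize_name(raw: bytes) -> bytes:
    """Decode #xx escapes so that /J#53 and /JS compare equal."""
    return _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)


def count_names(data: bytes) -> dict:
    """Count normalized name tokens over the raw bytes (stream bodies included)."""
    counts = {}
    for match in _NAME.finditer(data):
        name = normalize_name(match.group(0))
        counts[name] = counts.get(name, 0) + 1
    return counts


def triage(data: bytes) -> str:
    if b"%PDF-" not in data[:1024]:
        return "not-pdf"
    counts = count_names(data)
    has_script = any(n in counts for n in SCRIPT_NAMES)
    if has_script and any(n in counts for n in TRIGGER_NAMES):
        return "script-auto-run"
    if has_script:
        return "script"
    if any(n in counts for n in HIDING_NAMES):
        return "inconclusive"   # names may sit inside compressed objects
    return "no-script-seen"


# Constructed samples, not real documents.
SAMPLE_PLAIN = b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
SAMPLE_SCRIPT = (
    b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /OpenAction 3 0 R >>\nendobj\n"
    b"3 0 obj\n<< /S /J#61vaScript /J#53 (app.alert\\(1\\);) >>\nendobj\n"
)
SAMPLE_OBJSTM = b"%PDF-1.7\n5 0 obj\n<< /Type /ObjStm /N 1 /First 4 >>\nstream\n"
```

A `script` or `script-auto-run` verdict means JavaScript is present, not that the file is malicious; `inconclusive` means object streams would have to be decompressed before the file can be cleared.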
InfoTech & InfoSec News - https://meterpreter.org/foxit-reader-users-beware-multiple-vulnerabilities-expose-users-to-remote-code-execution/
Cisco Talos - https://talosintelligence.com/vulnerability_reports/TALOS-2023-1832
Cisco Talos - https://talosintelligence.com/vulnerability_reports/TALOS-2023-1838
Cisco Talos - https://talosintelligence.com/vulnerability_reports/TALOS-2023-1834
Cisco Talos - https://talosintelligence.com/vulnerability_reports/TALOS-2023-1833
Cisco Talos - https://talosintelligence.com/vulnerability_reports/TALOS-2023-1837
Cisco Talos - https://talosintelligence.com/vulnerability_reports/TALOS-2023-1839