Initiatieven voor
Als nationale autoriteit voor cyberveiligheid heeft het CCB verschillende initiatieven ontwikkeld voor specifieke doelgroepen die hier worden gepresenteerd.
Warning: Multiple vulnerabilities in Foxit PDF Reader and Editor products can lead to Remote Code Execution
Image
Gepubliceerd : 02/08/2023
Reference:
Advisory #2023-91
Version:
1.0
Affected software:
Foxit PDF Editor (previously named Foxit PhantomPDF) versions 12.1.2.15332 and all previous 12.x versions, 11.2.6.53790 and all previous 11.x versions, 10.1.12.37872 and earlier
Foxit PDF Editor for Mac (previously named Foxit PhantomPDF Mac) versions 12.1.0.1229 and all previous 12.x versions, 11.1.4.1121 and earlier
Foxit PDF Reader (previously named Foxit Reader) versions 12.1.2.15332 and earlier
Foxit PDF Reader for Mac (previously named Foxit Reader Mac) versions 12.1.0.1229 and earlier
Type:
Remote Code Execution (RCE)
CVE/CVSS:
CVE-2023-28744: CVSS 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)CVE-2023-32664: CVSS 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Sources
https://www.foxit.com/support/security-bulletins.html
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1739
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1795
Risks
Most vulnerabilities fixed in the updates can lead to Remote Code Execution, which causes total impact in the confidentiality, integrity and availability of the vulnerable system. Attack complexity is low and there are no privileges required. Additionally, Talos has published proof-of-concept code for some of the vulnerabilities.
At the moment of writing there is no sign of the vulnerabilities being exploited in the wild. Nonetheless, malicious PDF documents are often used by attackers during phishing or social engineering attacks to execute malicious code on the victim's computer. This makes these vulnerabilities highly likely to be exploited in the future.
Description
Foxit released security updates for Foxit PDF Editor and Foxit PDF Editor for the platforms Windows and MacOS. The updates fix several vulnerabilities that can lead to Remote Code Execution. A small number of them are described below.
CVE-2023-28744
CVSS 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVE-2023-28744 is a use-after-free vulnerability in the JavaScript engine of Foxit PDF Reader. A specially crafted PDF document can be send to a victim, who by opening it, can trigger the reuse of previously freed memory that can lead to memory corruption and arbitrary code execution. The vulnerability can also be exploited if the victim visits a malicious website and has the PDF plugin extension enabled in the browser.
CVE-2023-32664
CVSS 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVE-2023-32664 is a type confusion vulnerability in the JavaScript checkThisBox method as implemented in Foxit PDF Reader. A specially crafted JavaScript code inside a malicious PDF document can cause memory corruption and lead to Remote Code Execution. User interaction is required.
Recommended Actions
The Centre for Cybersecurity Belgium strongly recommends to update the affected software as soon as possible.
- For Foxit PDF Editor and Reader, update to version 12.1.3.
- For Foxit PDF Editor and Reader for Mac, update to version 12.1.1