6 Arbitrary Code Execution Flaws Patched in Foxit Reader

In the digital age, where PDFs are as ubiquitous as emails, the recent discovery of six code execution flaws [1, 2, 3, 4, 5, 6] in Foxit Reader by Cisco’s Talos Vulnerability Development Team has sent ripples through the cybersecurity community. Foxit Reader, a widely used multilingual freemium PDF tool, is lauded for its ability to create, view, edit, digitally sign, and print PDF files across various platforms.

The affected Foxit Reader version, and possibly earlier versions, was found to be susceptible to a range of vulnerabilities, each with its own method of exploitation and potential for damage. These include:

1. Two Use-After-Free Vulnerabilities: These critical flaws could allow attackers to execute arbitrary code by exploiting the way Foxit Reader handles a signature field and 3D annotations.

2. An Arbitrary File Creation Vulnerability: This vulnerability stems from the way the software handles field value properties.

3. A Type Confusion Vulnerability: This issue arises from the way Foxit Reader processes the `saveAs` method of the Doc object.

4. Two Additional Arbitrary File Creation Vulnerabilities: These are linked to Foxit Reader’s failure to properly validate dangerous extensions and the way it handles the `exportDataObject` method of the Doc object.

The exploitation of these vulnerabilities requires user interaction, such as opening a malicious file or visiting a specially crafted website, especially if the browser plugin extension is enabled.
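Since every flaw above is reached through a document the user opens, defenders can triage suspicious PDFs for embedded JavaScript that references the Doc methods named in the advisories. The following Python heuristic is an added example written for this article, not code from Talos or Foxit; it is a coarse string-level check (including inside Flate-compressed streams) that flags files for closer inspection and does not determine exploitability. The sample PDF it scans is constructed inline.

```python
"""Heuristic triage of a PDF for JavaScript that calls the Doc methods
named in the Foxit advisories (saveAs, exportDataObject).

Added defender-side example, not code from Talos or Foxit. It is a
string-level check over the raw file plus inflated streams, not a PDF
parser: a hit means "inspect further", not "exploitable"."""
import re
import zlib

# Doc-object methods named in the advisories, plus generic JS markers.
SUSPICIOUS_METHODS = ("saveAs", "exportDataObject")
JS_MARKERS = (b"/JavaScript", b"/JS")


def _inflate_streams(data: bytes) -> bytes:
    """Return the raw bytes joined with the inflated contents of every
    stream that decompresses as zlib, so compressed JS is visible too."""
    out = [data]
    for m in re.finditer(rb"stream\r?\n(.*?)\r?\nendstream", data, re.S):
        try:
            out.append(zlib.decompress(m.group(1)))
        except zlib.error:
            pass  # not a Flate stream (or corrupt); keep scanning
    return b"\n".join(out)


def scan_pdf_bytes(data: bytes) -> dict:
    """Report whether the PDF carries JavaScript and which of the
    advisory-named methods appear anywhere in it (raw or inflated)."""
    blob = _inflate_streams(data)
    has_js = any(marker in blob for marker in JS_MARKERS)
    hits = sorted(m for m in SUSPICIOUS_METHODS if m.encode() in blob)
    return {"has_javascript": has_js, "methods": hits,
            "flag": has_js and bool(hits)}


def build_sample_pdf(js: str) -> bytes:
    """Constructed test input: a skeletal PDF whose OpenAction runs a
    Flate-compressed JS stream. No xref table, so it is a scanner
    fixture, not a valid document."""
    body = zlib.compress(js.encode())
    return (b"%PDF-1.7\n"
            b"1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"
            b"2 0 obj << /S /JavaScript /JS 3 0 R >> endobj\n"
            b"3 0 obj << /Length " + str(len(body)).encode() +
            b" /Filter /FlateDecode >>\nstream\n" + body +
            b"\nendstream\nendobj\n%%EOF\n")


if __name__ == "__main__":
    print(scan_pdf_bytes(build_sample_pdf('this.saveAs("out.pdf");')))
```

Run it over a mail-gateway quarantine or a sample directory to prioritise which documents to detonate in a sandbox; legitimate forms also use these APIs, so treat hits as triage input rather than verdicts.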

The vulnerabilities have been assigned the following CVE identifiers: CVE-2023-38573, CVE-2023-32616, CVE-2023-35985, CVE-2023-41257, CVE-2023-40194, and CVE-2023-39542, with each flaw carrying a CVSS score of 8.8. This high severity rating underscores the critical need for awareness and action from users and administrators.

Upon notification by the Talos team, Foxit promptly patched these vulnerabilities, reflecting the company’s commitment to user security. However, the discovery of these flaws serves as a stern reminder to users and organizations of the importance of maintaining up-to-date software and being vigilant against potential cyber threats.