CVE-2023-35985

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published: Nov 27, 2023
Updated: Dec 1, 2023
CWE ID 610
CWE ID 73

Summary

CVE-2023-35985 is an arbitrary file creation vulnerability in Foxit Reader 12.1.3.15356. It is caused by a failure to properly validate a dangerous extension in the JavaScript exportDataObject API. A specially crafted malicious file can create files at arbitrary locations, which can lead to arbitrary code execution. Exploitation requires tricking the user into opening the malicious file, or into visiting a specially crafted malicious site if the browser plugin extension is enabled. The vulnerability has a base severity rating of HIGH, with high impact on integrity and confidentiality, and low attack complexity.
