CVE-2023-42093

Summary

CVE-2023-42093 is a vulnerability known as "Foxit PDF Reader Annotation Use-After-Free Information Disclosure." This vulnerability affects installations of Foxit PDF Reader and can be exploited by remote attackers to disclose sensitive information. To exploit the vulnerability, user interaction is required, such as visiting a malicious page or opening a malicious file. The flaw lies in the handling of Annotation objects, where the lack of validation before performing operations on the object allows an attacker to execute arbitrary code in the current process. The vulnerability has a low base severity score of 3.3 and a low impact score of 1.4, with no privileges required for exploitation and low confidentiality impact. The affected products include various versions of Foxit PDF Reader, identified by their product codes. It is crucial for organizations using Foxit PDF Reader to apply any available patches or updates to remediate this vulnerability and prevent potential information disclosure incidents.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.