QID 379068

Date Published: 2023-12-05

QID 379068: Foxit PDF Editor 11.2.7 Multiple Security Vulnerabilities

Foxit PDF Editor is a business-ready PDF toolkit used to create professional PDF documents.

The vendor addressed a potential issue where the application could be exposed to a Remote Code Execution vulnerability when handling certain JavaScripts.

Affected versions:
Foxit PDF Editor version 11.2.6.53790 and all previous 11.x versions
Foxit PDF Editor version 10.1.12.37872 and earlier

QID detection logic: (Authenticated)
This QID checks the Windows Registry to get the Foxit PDF Editor installation path and then reads the corresponding executable (FoxitPhantomPDF.exe) to see if it is a vulnerable version.

Successful exploitation of these vulnerabilities may allow an attacker to execute arbitrary code on the target system.

  • CVSS V3 rated as Critical - 8.8 severity.
  • CVSS V2 rated as Medium - 4.6 severity.

Solution
The vendor has issued a fix. For more information, see "Security updates available in Foxit PDF Editor 11.2.7".

Vendor References
Software Advisories
Advisory ID: Foxit PDF Editor 11.2.7
Link: www.foxit.com/support/security-bulletins.html