Foxitsoftware Foxit Reader 12.1.3.15356
Approved changes feed: RSS · Atom
cpe:2.3:a:foxitsoftware:foxit_reader:12.1.3.15356:*:*:*:*:*:*:*
part: a version: 12.1.3.15356 update: *
| Vendor | Foxitsoftware (432505a3-624b-5d0c-b6e3-841531927527) |
|---|---|
| Product | Foxit Reader (058768da-164a-5e12-a06d-4983e7214eaf) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2023-41257 |
vulnerable | 2026-06-03 14:52:51.455057 |
Details available
HIGH (8.8)
A type confusion vulnerability exists in the way Foxit Reader 12.1.2.15356 handles field value properties. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.
Published: 2023-11-27T15:25:09.111Z
Updated: 2025-11-04T19:21:04.665Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-40194 |
vulnerable | 2026-06-03 14:52:42.711701 |
Details available
HIGH (8.8)
An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to mistreatment of whitespace characters. A specially crafted malicious file can create files at arbitrary locations, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.
Published: 2023-11-27T15:25:11.538Z
Updated: 2025-11-04T19:17:47.562Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-39542 |
vulnerable | 2026-06-03 14:52:39.176814 |
Details available
HIGH (8.8)
A code execution vulnerability exists in the Javascript saveAs API of Foxit Reader 12.1.3.15356. A specially crafted malformed file can create arbitrary files, which can lead to remote code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.
Published: 2023-11-27T15:25:12.044Z
Updated: 2025-11-04T19:17:44.282Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-35985 |
vulnerable | 2026-06-03 14:52:19.364879 |
Details available
HIGH (8.8)
An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to a failure to properly validate a dangerous extension. A specially crafted malicious file can create files at arbitrary locations, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted malicious site if the browser plugin extension is enabled.
Published: 2023-11-27T15:25:11.052Z
Updated: 2025-11-04T19:17:06.076Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.