CVE-2023-42090

7.1 HIGH

📋 TL;DR

This vulnerability in Foxit PDF Reader allows attackers to read memory beyond allocated buffers when processing malicious PDF files containing XFA Doc objects. It can disclose sensitive information and potentially be combined with other vulnerabilities for code execution. Users of affected Foxit PDF Reader versions are at risk when opening untrusted PDF files.

💻 Affected Systems

Products:
  • Foxit PDF Reader
Versions: Not specified in the provided references; likely all releases prior to the patched build
Operating Systems: Windows, macOS, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations of affected versions are vulnerable when opening PDF files.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Information disclosure combined with other vulnerabilities could lead to arbitrary code execution in the context of the current user, potentially resulting in full system compromise.

🟠 Likely Case

Sensitive information disclosure from process memory, which could include credentials, documents, or other data being processed by Foxit PDF Reader.

🟢 If Mitigated

Limited to information disclosure without code execution if proper sandboxing and memory protections are in place.

🌐 Internet-Facing: MEDIUM - Requires user interaction to open malicious PDF, but PDFs are commonly shared via email and web.
🏢 Internal Only: MEDIUM - Internal users could be targeted via phishing or shared documents.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user interaction to open malicious PDF. Information disclosure alone may require additional vulnerabilities for full exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Foxit security bulletins for specific patched versions

Vendor Advisory: https://www.foxit.com/support/security-bulletins.html

Restart Required: Yes

Instructions:

1. Open Foxit PDF Reader
2. Go to Help > Check for Updates
3. Install available updates
4. Restart the application

🔧 Temporary Workarounds

Disable JavaScript in Foxit (applies to: all)

Disabling JavaScript may prevent exploitation of some PDF-based vulnerabilities.

Open Foxit > File > Preferences > JavaScript > Uncheck 'Enable JavaScript'

Use Protected View (applies to: all)

Enable Protected View for untrusted documents.

Open Foxit > File > Preferences > Trust Manager > Check 'Enable Protected View'

🧯 If You Can't Patch

  • Use alternative PDF readers for untrusted documents
  • Block PDF files from untrusted sources at network perimeter

🔍 How to Verify

Check if Vulnerable:

Check Foxit version against security bulletins at foxit.com/support/security-bulletins.html

Check Version:

Open Foxit PDF Reader > Help > About Foxit Reader

Verify Fix Applied:

Verify Foxit version is updated to latest release and matches patched versions in security bulletins

📡 Detection & Monitoring

Log Indicators:

  • Application crashes of Foxit Reader
  • Unusual memory access patterns in process monitoring

Network Indicators:

  • Downloads of PDF files from suspicious sources
  • PDF files with unusual characteristics

SIEM Query:

(Process:foxitreader.exe AND (EventID:1000 OR EventID:1001)) OR (FileType:pdf AND SourceIP:(suspicious_ips))
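The crash-event half of that query, applied offline to exported Windows Application log records, as an added example that is not part of the original advisory. The sample records, the `timestamp|host|EventID|message` export format and the severity rule (access violations ranked higher) are constructed assumptions; event IDs 1000 (Application Error) and 1001 (Windows Error Reporting) are the ones the query names.

```python
import re
from dataclasses import dataclass

# Constructed sample export of Windows Application log records (not real telemetry),
# one record per line in the assumed format "timestamp|host|EventID|message".
SAMPLE_EVENTS = """\
2024-03-01T09:12:04|WS-17|1000|Faulting application name: FoxitPDFReader.exe, version: 12.1.0.15250, Faulting module name: FoxitPDFReader.exe, Exception code: 0xc0000005
2024-03-01T09:12:05|WS-17|1001|Fault bucket, type 0 Event Name: APPCRASH Response: Not available P1: FoxitPDFReader.exe
2024-03-01T09:30:11|WS-17|1000|Faulting application name: notepad.exe, version: 10.0.19041.1, Faulting module name: ntdll.dll, Exception code: 0xc0000374
2024-03-01T10:02:40|WS-22|7036|The Print Spooler service entered the running state.
2024-03-01T10:15:09|WS-22|1000|Faulting application name: foxitreader.exe, version: 11.2.1.53537, Faulting module name: foxitreader.exe, Exception code: 0xc0000005
"""

CRASH_EVENT_IDS = {1000, 1001}      # Application Error / Windows Error Reporting
FOXIT_PROCESS = re.compile(r"foxit(pdf)?reader\.exe", re.IGNORECASE)
EXC_CODE = re.compile(r"Exception code:\s*(0x[0-9a-fA-F]{8})")
ACCESS_VIOLATION = "0xc0000005"     # STATUS_ACCESS_VIOLATION, what an OOB read into an unmapped page raises

@dataclass
class Finding:
    timestamp: str
    host: str
    event_id: int
    exception_code: str
    severity: str

def parse_events(text):
    """Yield (timestamp, host, event_id, message) from the assumed export format."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, eid, msg = line.split("|", 3)
        yield ts, host, int(eid), msg

def detect_foxit_crashes(text):
    """Apply the advisory's log indicator: Foxit crash events (IDs 1000/1001)."""
    findings = []
    for ts, host, eid, msg in parse_events(text):
        if eid not in CRASH_EVENT_IDS or not FOXIT_PROCESS.search(msg):
            continue
        m = EXC_CODE.search(msg)
        code = m.group(1).lower() if m else "unknown"   # 1001 records carry no exception code
        severity = "high" if code == ACCESS_VIOLATION else "medium"
        findings.append(Finding(ts, host, eid, code, severity))
    return findings

def hosts_with_repeated_crashes(findings, threshold=2):
    """Hosts whose Foxit crash count reaches the threshold; repeated crashes are worth a look."""
    counts = {}
    for f in findings:
        counts[f.host] = counts.get(f.host, 0) + 1
    return sorted(h for h, n in counts.items() if n >= threshold)
```

A crash alone does not prove exploitation; treat a hit as a trigger to collect the PDF the user opened and the crash dump, not as a confirmed compromise.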
