CVE-2023-42092 – This is a use-after-free vulnerability in Foxit... (How to Fix)

Q: What is the severity of CVE-2023-42092?

CVE-2023-42092 has a CVSS score of 7.8 (HIGH). This is a use-after-free vulnerability in Foxit PDF Reader's Doc object handling that allows remote attackers to execute arbitrary code. Attackers can exploit it by tricking users into opening malicious PDF files or visiting malicious web pages. All users running vulnerable versions of Foxit PDF Reader are affected.

📋 TL;DR

This is a use-after-free vulnerability in Foxit PDF Reader's Doc object handling that allows remote attackers to execute arbitrary code. Attackers can exploit it by tricking users into opening malicious PDF files or visiting malicious web pages. All users running vulnerable versions of Foxit PDF Reader are affected.

💻 Affected Systems

Products:

Foxit PDF Reader

Versions: Versions prior to 2023.3

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: All default installations of affected versions are vulnerable. No special configuration required for exploitation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with attacker gaining full control of the victim's machine, data theft, ransomware deployment, and lateral movement within the network.

🟠

Likely Case

Local privilege escalation leading to data exfiltration, malware installation, and persistence establishment on the compromised system.

🟢

If Mitigated

Limited impact with sandboxing or application hardening preventing code execution, potentially resulting only in application crash.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires user interaction (opening malicious file). The vulnerability is well-documented and weaponization is likely given the prevalence of PDF readers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2023.3 and later

Vendor Advisory: https://www.foxit.com/support/security-bulletins.html

Restart Required: Yes

Instructions:

1. Open Foxit PDF Reader
2. Go to Help > Check for Updates
3. Follow prompts to update to version 2023.3 or later
4. Restart the application

🔧 Temporary Workarounds

Disable JavaScript in Foxit Reader

windows

Prevents exploitation vectors that rely on JavaScript execution

Open Foxit Reader > File > Preferences > JavaScript > Uncheck 'Enable JavaScript'

Use Protected View

windows

Opens PDFs in sandboxed mode to limit potential damage

Open Foxit Reader > File > Preferences > General > Check 'Enable Safe Reading Mode'

🧯 If You Can't Patch

Disable Foxit PDF Reader as default PDF handler and use alternative PDF readers
Implement application whitelisting to block Foxit Reader execution

🔍 How to Verify

Check if Vulnerable:

Check Foxit Reader version: Open Foxit Reader > Help > About Foxit Reader. If version is below 2023.3, you are vulnerable.

Check Version:

Not applicable - check via GUI as described above

Verify Fix Applied:

Verify version is 2023.3 or higher in Help > About Foxit Reader. Test opening known safe PDF files to ensure functionality.

📡 Detection & Monitoring

Log Indicators:

Application crashes of FoxitReader.exe
Unusual process creation from FoxitReader.exe
Memory access violations in application logs

Network Indicators:

Downloads of PDF files from untrusted sources
Outbound connections initiated by FoxitReader.exe

SIEM Query:

Process:FoxitReader.exe AND (EventID:1000 OR ParentImage:FoxitReader.exe)

📊 Metadata

CVE ID: CVE-2023-42092

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-416

Published: May 3, 2024

Last Updated: November 21, 2024

🔗 References

https://www.foxit.com/support/security-bulletins.html Patch,Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-23-1425/ Third Party Advisory,VDB Entry
https://www.foxit.com/support/security-bulletins.html Patch,Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-23-1425/ Third Party Advisory,VDB Entry

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-42092, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Pdf Editor by Foxit

Pdf Editor by Foxit

Pdf Editor by Foxit

Pdf Editor by Foxit

Pdf Reader by Foxit

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Disable JavaScript in Foxit Reader

Use Protected View

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities