Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A code execution vulnerability exists in the Javascript saveAs API of Foxit Reader 12.1.3.15356. A specially crafted malformed file can create arbitrary files, which can lead to remote code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
文件名或路径的外部可控制
Vulnerability Title
Foxit Reader 安全漏洞
Vulnerability Description
Foxit Reader是中国福昕(Foxit)公司的一款PDF文档阅读器。 Foxit Reader 12.1.3.15356 版本之前存在安全漏洞,该漏洞源于 Javascript API saveAs 存在代码执行漏洞。
CVSS Information
N/A
Vulnerability Type
N/A