vulnerability

Foxit Reader: CVE-2023-27363: Exposed Dangerous Method or Function

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:L/AC:M/Au:N/C:C/I:C/A:C)	May 3, 2024	May 3, 2024	May 4, 2026

Severity

CVSS

(AV:L/AC:M/Au:N/C:C/I:C/A:C)

Published

May 3, 2024

Added

May 3, 2024

Modified

May 4, 2026

Description

Addressed a potential issue where the application could be exposed to Remote Code Execution vulnerability when handling certain JavaScripts. This occurs as the application fails to validate the cPath parameter in the exportXFAData method and is thus forced to write to the Startup folder with an .hta file that can execute arbitrary code after a restart.

Solution

foxit_reader-update-latest

References

CVE-2023-27363
https://attackerkb.com/topics/CVE-2023-27363
https://www.foxit.com/support/security-bulletins.html
https://www.zerodayinitiative.com/advisories/ZDI-23-491/
https://euvd.enisa.europa.eu/vulnerability/EUVD-2023-31139
CWE-749
EUVD-EUVD-2023-31139

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report