漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
A code execution vulnerability exists in the Javascript saveAs API of Foxit Reader 12.1.3.15356. A specially crafted malformed file can create arbitrary files, which can lead to remote code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
文件名或路径的外部可控制
Vulnerability Title
Foxit Reader 安全漏洞
Vulnerability Description
Foxit Reader是中国福昕(Foxit)公司的一款PDF文档阅读器。 Foxit Reader 12.1.3.15356 版本之前存在安全漏洞,该漏洞源于 Javascript API saveAs 存在代码执行漏洞。
CVSS Information
N/A
Vulnerability Type
N/A