CVE-2023-32664

{"id": "CVE-2023-32664", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "talos-cna@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2023-07-19T14:15:10.207", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1795", "tags": ["Exploit", "Third Party Advisory"], "source": "talos-cna@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "talos-cna@cisco.com", "description": [{"lang": "en", "value": "CWE-843"}]}], "descriptions": [{"lang": "en", "value": "A type confusion vulnerability exists in the Javascript checkThisBox method as implemented in Foxit Reader 12.1.2.15332. Specially crafted Javascript code inside a malicious PDF document can cause memory corruption and lead to remote code execution. User would need to open a malicious file to trigger the vulnerability."}, {"lang": "es", "value": "Existe una vulnerabilidad de confusi\u00f3n de tipos en el m\u00e9todo checkThisBox de Javascript implementado en Foxit Reader 12.1.2.15332. El c\u00f3digo Javascript especialmente manipulado dentro de un documento PDF malicioso puede da\u00f1ar la memoria y provocar la ejecuci\u00f3n remota de c\u00f3digo. El usuario tendr\u00eda que abrir un archivo malicioso para activar la vulnerabilidad."}], "lastModified": "2023-09-15T19:15:07.340", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:foxit:pdf_reader:12.1.2.15332:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "03BAF434-E618-4E4D-AABE-BE5A1298F877"}], "operator": "OR"}]}], "sourceIdentifier": "talos-cna@cisco.com"}