CVE-2023-40194: 
Foxit PDF Reader vulnerability analysis and mitigation

An arbitrary file creation vulnerability (CVE-2023-40194) was discovered in the Javascript exportDataObject API of Foxit Reader version 12.1.3.15356. The vulnerability was discovered by Kamlapati Choubey of Cisco Talos and was disclosed to the vendor on August 28, 2023, with a patch release on November 22, 2023, followed by public disclosure on November 27, 2023 (Talos Report).

The vulnerability exists due to mistreatment of whitespace characters in the Javascript exportDataObject API. The application's security checks for blocked file extensions can be bypassed by adding a space at the end of the filename. For example, while 'exploit.acm' would be blocked, 'exploit.acm ' would bypass the checks. The application maintains a blocklist of 93 known file extensions but fails to properly validate filenames with trailing spaces. The vulnerability has been assigned a CVSSv3.1 score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (Talos Report).

A successful exploitation of this vulnerability allows attackers to create files at arbitrary locations on the system, which can lead to arbitrary code execution. The impact is particularly severe as it can be triggered either by opening a malicious PDF file or by visiting a specially crafted website if the browser plugin extension is enabled (Talos Report).

The vendor released a patch on November 22, 2023, to address this vulnerability. Users are advised to update their Foxit Reader installations to the latest version that includes the security fix (Talos Report).