Remote Code Execution Vulnerability in Foxit PDF Editor Line Annotation
CVE-2021-34967
7.8HIGH
Summary
A vulnerability has been identified in Foxit PDF Editor that pertains to improper handling of Annotation objects, leading to a potential execution of arbitrary code. The flaw is triggered when operations are performed on non-existent objects due to insufficient validation. Attackers may exploit this vulnerability by convincing users to open a malicious file or access a compromised web page, allowing them to execute code in the context of the current process. It is crucial for users of Foxit PDF Editor to remain vigilant and apply any available security updates to mitigate this risk.
Affected Version(s)
PDF Editor 11.0.0.49893
References
CVSS V3.1
Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved