Remote Code Execution Vulnerability in Foxit PDF Editor Line Annotation
CVE-2021-34967

7.8 HIGH

Key Information:

Vendor: Foxit
CVE Published: 7 May 2024

Summary

A vulnerability in Foxit PDF Editor stems from improper handling of Annotation objects and can lead to execution of arbitrary code. The flaw is triggered when operations are performed on an object without first validating that the object exists. An attacker can exploit it by convincing a user to open a malicious file or visit a compromised web page, and can then execute code in the context of the current process. Users of Foxit PDF Editor should remain vigilant and apply any available security updates to mitigate this risk.

Affected Version(s)

PDF Editor 11.0.0.49893

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
