Information Disclosure Vulnerability in Foxit PDF Editor by Foxit Software
CVE-2022-37376
3.3 LOW
Summary
This vulnerability enables remote attackers to potentially access sensitive information from installations of Foxit PDF Editor 11.1.1.53537. Exploitation of this flaw requires user interaction, as the victim must visit a malicious webpage or open a compromised document. The issue is located in how arrays are handled, allowing an attacker to read beyond the limits of allocated objects through JavaScript actions. This could be exploited in combination with other vulnerabilities to execute arbitrary code under the privileges of the current process.
Affected Version(s)
PDF Editor 11.1.1.53537
References
CVSS V3.1
Score: 3.3
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Seungju Oh (@real_as3617), DoHyun Lee (@l33d0hyun) of Zerocution