Use-After-Free Vulnerability in Foxit PDF Reader Software
CVE-2023-28744
8.8 HIGH
Summary
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.1.1.15289. A specially crafted PDF document can trigger reuse of previously freed memory through specific manipulations of form fields. The flaw is triggered when a user opens the malicious file or visits a malicious website with the browser plugin enabled. The resulting memory corruption can potentially lead to arbitrary code execution.
Affected Version(s)
Foxit Reader 12.1.1.15289
References
CVSS V3.1
Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Discovered by Aleksandar Nikolic of Cisco Talos.