Foxit Reader Use-After-Free Vulnerability Can Lead to Arbitrary Code Execution
CVE-2024-28888
8.8 HIGH
Summary
A use-after-free vulnerability exists in Foxit Reader, specifically in the handling of checkbox field objects. An attacker can trigger this flaw by embedding specially crafted JavaScript in a malicious PDF document, which can lead to memory corruption and arbitrary code execution on the victim's system. Users can be targeted through social engineering to open such a file, or by visiting a malicious website; in the latter case the risk increases if the browser's Foxit Reader plugin is enabled. Because exploitation requires the user to open the document, caution with untrusted PDFs is an essential part of mitigating this vulnerability.
Affected Version(s)
Foxit Reader 2024.1.0.23997
References
CVSS V3.1
Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Credit
Discovered by KPC of Cisco Talos.