Remote Code Execution Vulnerability in Foxit PDF Reader and PDF Editor
CVE-2024-41605

Currently unrated

Key Information:

Vendor
Foxit Software
CVE Published:
26 September 2024

Summary

A significant security issue has been identified in Foxit PDF Reader and PDF Editor: an attacker can replace legitimate update files with malware through a technique known as side loading. The vulnerability arises because the update service does not validate the integrity of the updater before running it. As a result, attacker-controlled code may be executed on affected systems, putting user data and system integrity at risk. Users are strongly encouraged to update to the latest versions of the affected products to mitigate this threat.

Collectors

NVD Database, Mitre Database