Information Disclosure Vulnerability in Foxit PDF Reader
CVE-2024-9251

7.8HIGH

Key Information:

Vendor: Foxit
Status: PDF Editor; PDF Reader
Vendor: CVE Published:; 22 November 2024

Summary

This vulnerability exists in Foxit PDF Reader due to improper handling of Annotation objects. Attackers can exploit this flaw, enabling them to disclose sensitive information by tricking users into opening malicious files or visiting harmful web pages. The exploitation occurs because the software fails to validate the existence of an object before performing operations on it. When successfully executed, this vulnerability can be combined with other weaknesses, leading to potentially severe implications for information integrity. Users and organizations using affected versions of Foxit PDF Reader should consider implementing security best practices and monitor for updates from the vendor.

References

https://www.foxit.com/support/security-bulletins.html

https://www.zerodayinitiative.com/advisories/ZDI-24-1306/

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 22, 2024

Collectors

NVD Database