Use-After-Free Vulnerability in Foxit PDF Reader AcroForm
CVE-2024-9252

7.8HIGH

Key Information:

Vendor
Foxit
Status
PDF Editor
PDF Reader
Vendor
CVE Published:
22 November 2024

Summary

The vulnerability arises from improper handling of AcroForms within Foxit PDF Reader, specifically due to a failure to validate the presence of an object before executing operations on it. This oversight permits remote attackers to enact an information disclosure attack by enticing users to visit a carefully crafted malicious webpage or to open a specifically designed harmful file. This flaw can also be combined with other vulnerabilities, potentially allowing attackers to execute arbitrary code in the context of the user's session.

References

https://www.foxit.com/support/security-bulletins.html
https://www.zerodayinitiative.com/advisories/ZDI-24-1304/

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

Collectors

NVD Database
.