Information Disclosure Vulnerability in Foxit PDF Reader AcroForm
CVE-2024-9253
7.1HIGH
Summary
A vulnerability in Foxit PDF Reader's handling of AcroForms can allow remote attackers to disclose sensitive information on affected installations. This issue arises from improper validation of user-supplied data, potentially resulting in information being read beyond allocated buffers. Exploitation requires user interaction, where the victim must open a malicious file or visit a harmful webpage. Attackers may leverage this flaw alongside other vulnerabilities to execute arbitrary code within the context of the affected process.
References
CVSS V3.1
Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published