Foxit PDF Reader has a memory corruption vulnerability that could allow an attacker to execute arbitrary code on the victim machine. Foxit PDF Reader is a free, highly powerful, and feature-rich PDF viewer and editor for Windows, macOS, iOS, Android, and the web.
With a base CVSS score of 8.8, the vulnerability is tracked as CVE-2024-28888. A Foxit PDF Reader use-after-free vulnerability may cause memory corruption and, ultimately, arbitrary code execution on the compromised system.
Foxit PDF Reader Vulnerability
An adversary may manipulate a user into opening a malicious PDF that has been particularly created to exploit the vulnerability.
The targeted user may also be exploited if they visit a website under the attacker’s control while using the Foxit PDF Reader browser extension.
Analyse Any Suspicious Links Using ANY.RUN’s New Safe Browsing Tool: Try for Free
According to Cisco Talos Proof-of-concept code information, the vulnerability arises from the way Foxit Reader processes checkbox field objects.
Typically, JavaScript is supported for dynamic forms and interactive content. Support for JavaScript creates an extra attack vector. The V8 JavaScript engine is used by Foxit Reader.
Support for Javascript in PDF editors and renderers allows for dynamic documents that can alter in response to events or user input.
The flaw originates when deletePages() releases the checkbox field object and it is subsequently used without the necessary validation. Calls to functions like addField() and CreateControl, which are involved in managing vulnerable buffers.
When the pointer is dereferenced without any validation, the crash happens. Depending on the process memory structure, it might be able to perform arbitrary read and write access, which could ultimately be exploited to execute arbitrary code.
Foxit PDF Reader/Editor v2024.3 and Foxit PDF Editor v13.1.4 have fixed the vulnerabilities. Users are advised to upgrade as soon as possible to reduce the security risks.
Strategies to Protect Websites & APIs from Malware Attack => Free Webinar