Foxit Products Use-After-Free Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A use-after-free vulnerability has been identified in Foxit PDF Reader and Foxit PDF Editor for Windows, as well as in Foxit PDF Editor for Mac. It affects several different versions and stems from the improper handling of certain objects, which can lead to program crashes and potentially allow arbitrary code execution. The issue arises when a function that triggers a user interface refresh is called after comments have been removed via a script: the refresh accesses an object that has already been invalidated, and the application crashes.
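The lifetime problem described above, reduced to a small C++ model that contrasts a view caching raw pointers with one that holds weak references and checks them before use. This is an added example, not Foxit code: `Document`, `Annotation`, `UnsafePanel` and `SafePanel` are hypothetical types that only mirror the sequence in the advisory (comments removed, then a refresh).

```cpp
// Simplified model of the lifetime bug; hypothetical types, not Foxit code.
#include <cstddef>
#include <memory>
#include <string>
#include <vector>

struct Annotation { std::string text; };
struct Document {
    std::vector<std::shared_ptr<Annotation>> annots;  // sole owners
    void addComment(const std::string& t) {
        annots.push_back(std::make_shared<Annotation>(Annotation{t}));
    }
    // Models script-driven comment removal: every annotation is destroyed.
    void removeAllComments() { annots.clear(); }
};

// Vulnerable shape (for contrast, never called here): raw pointers outlive the objects.
struct UnsafePanel {
    std::vector<Annotation*> cached;
    void bind(const Document& d) {
        for (const auto& a : d.annots) cached.push_back(a.get());
    }
    std::size_t refresh() const {
        std::size_t n = 0;
        for (const Annotation* a : cached) n += a->text.size();  // UAF if dangling
        return n;
    }
};

// Hardened shape: non-owning weak references, validated at the point of use.
struct SafePanel {
    std::vector<std::weak_ptr<Annotation>> cached;
    void bind(const Document& d) { cached.assign(d.annots.begin(), d.annots.end()); }
    std::size_t refresh() {  // total text length of annotations still alive
        std::size_t n = 0;
        std::vector<std::weak_ptr<Annotation>> live;
        for (auto& w : cached)
            if (auto a = w.lock()) { n += a->text.size(); live.push_back(w); }
        cached.swap(live);  // drop expired entries
        return n;
    }
};

// Sequence from the advisory against the hardened panel: bind, remove, refresh.
std::size_t refreshAfterRemoval() {
    Document d; d.addComment("note"); d.addComment("todo");
    SafePanel p; p.bind(d); d.removeAllComments(); return p.refresh();
}
int main() { return refreshAfterRemoval() == 0 ? 0 : 1; }
```

Building the same model with AddressSanitizer (`-fsanitize=address`) and calling `UnsafePanel::refresh()` after the removal is how this class of bug is normally surfaced in testing.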

Impact

Exploitation of this vulnerability can lead to program crashes and the potential execution of arbitrary code.

Remediation

Users can update to the latest versions of Foxit PDF Reader or Foxit PDF Editor. For both products, the updated version can be downloaded from the Foxit website or installed through the application's update feature.

Added: Apr 27, 2026, 12:22 PM
Updated: Apr 27, 2026, 12:22 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 3.6
remediation: 0.0
relevance: 6.8
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.