Foxit Products Use-After-Free Vulnerability Leading to Arbitrary Code Execution
Vulnerability
A use-after-free vulnerability has been identified in Foxit PDF Reader and Foxit PDF Editor. It arises when the application mismanages object references, particularly for certain XFA files, Annotation objects, or Signature objects. When a document containing JavaScript is processed, the application may dereference a pointer to an object that has already been freed, causing a crash. Beyond the crash, the flaw could be exploited to execute arbitrary code or disclose information, because the freed objects can be manipulated before the application crashes.
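The advisory names the ingredients of a triggering document: embedded JavaScript combined with XFA, Annotation, or Signature objects. A defender triaging PDFs at a mail gateway or in a SOC can flag files that carry that combination for sandboxed analysis before they reach the reader. The script below is an added example, not Foxit's code and not taken from the advisory; the marker names (`/JavaScript`, `/JS`, `/XFA`, `/Annot`, `/Sig`) are standard PDF dictionary keys, the sample PDF is constructed inline, and the decision rule is a heuristic assumption rather than a vendor-published detection.

```python
import re
import zlib

# PDF dictionary keys that correspond to the object types named in the advisory.
JS_RE = re.compile(rb"/(?:JavaScript|JS)\b")
OBJECT_MARKERS = {
    "xfa": re.compile(rb"/XFA\b"),
    "annotation": re.compile(rb"/Annots?\b"),
    "signature": re.compile(rb"/Sig\b"),
}

# Stream bodies in a PDF; JavaScript is frequently stored inside FlateDecode
# streams, so a scan of the raw bytes alone misses it.
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)


def _inflate_streams(data: bytes) -> bytes:
    """Return the document with every inflatable stream body decompressed in place.

    Bodies that are not zlib data (wrong filter, corrupt, or uncompressed) are
    left as they are; decompressobj ignores the trailing newline before endstream.
    """
    def replace(match: re.Match) -> bytes:
        body = match.group(1)
        try:
            plain = zlib.decompressobj().decompress(body)
        except zlib.error:
            return match.group(0)
        return b"stream\n" + plain + b"\nendstream"

    return STREAM_RE.sub(replace, data)


def triage_pdf(data: bytes, inflate: bool = True) -> dict:
    """Heuristic triage: JavaScript plus any XFA/annotation/signature object is flagged.

    This is a constructed decision rule for prioritising sandbox analysis, not a
    signature for the Foxit bug itself; benign forms also match it.
    """
    scanned = _inflate_streams(data) if inflate else data
    has_js = JS_RE.search(scanned) is not None
    objects = sorted(name for name, rx in OBJECT_MARKERS.items() if rx.search(scanned))
    return {
        "has_javascript": has_js,
        "objects": objects,
        "suspicious": has_js and bool(objects),
    }


def build_sample(compress: bool) -> bytes:
    """Constructed PDF-like bytes for demonstration (not a renderable file).

    Contains an XFA reference, one annotation and a JavaScript OpenAction,
    optionally hidden inside a FlateDecode stream.
    """
    action = b"<< /S /JavaScript /JS (app.alert(1)) >>"
    if compress:
        body = zlib.compress(action)
        js_obj = (b"5 0 obj << /Filter /FlateDecode /Length %d >>\nstream\n%s\nendstream\nendobj\n"
                  % (len(body), body))
    else:
        js_obj = b"5 0 obj " + action + b" endobj\n"
    return (
        b"%PDF-1.7\n"
        b"1 0 obj << /Type /Catalog /AcroForm << /XFA 4 0 R >> /OpenAction 5 0 R >> endobj\n"
        b"3 0 obj << /Type /Annot /Subtype /Widget >> endobj\n"
        + js_obj
        + b"%%EOF\n"
    )


if __name__ == "__main__":
    for compress in (False, True):
        sample = build_sample(compress)
        print("compressed" if compress else "plain", triage_pdf(sample))
        print("  raw-bytes-only scan:", triage_pdf(sample, inflate=False))
```

Running the block shows why stream inflation matters: the same document is flagged when its streams are decompressed and missed when only the raw bytes are scanned. Object streams (`/Type /ObjStm`), encrypted documents and non-Flate filters are outside what this heuristic handles, so treat a negative result as "not seen", not as "clean".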
Impact
Exploitation of this vulnerability could lead to a crash of the application, but more critically, it could be leveraged to execute arbitrary code with the same privileges as the user running the application.
Remediation
Users should update to the latest versions of Foxit PDF Reader or Foxit PDF Editor. Instructions for updating are available on the Foxit website.
