Skip to main content

Security updates address multiple vulnerabilities that could lead to remote code execution, information disclosure, privilege escalation, or DoS

Threat ID:CC-4566
Threat Severity:Medium
Published:23 October 2024 3:22 PM

Summary

Security updates address multiple vulnerabilities that could lead to remote code execution, information disclosure, privilege escalation, or DoS

Affected platforms

The following platforms are known to be affected:

Threat details

Proof-of-concept for CVE-2024-28888

Proof-of-concept exploit code has been published for CVE-2024-28888. NHS England National CSOC considers exploitation more likely.


Introduction

Foxit has released security updates to address multiple vulnerabilities in Foxit PDF Editor for Windows and MacOS. 

The most concerning vulnerability is a use-after-free vulnerability known as CVE-2024-28888 that could allow an attacker to achieve remote code execution (RCE) or gain information disclosure. Other vulnerabilities include privilege escalationdenial-of-service (DoS), and side-loading, which could allow attackers the ability to run malicious payloads.

Remediation advice

Affected organisations are encouraged to review the Foxit Security Bulletins (Release date October 18, 2024) and apply the relevant updates.   

Definitive source of threat updates

CVE Vulnerabilities

StatusPublished
CVE-2024-28888A use-after-free vulnerability exists in the way Foxit Reade 2024.1.0.23997 handles a checkbox field object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.
StatusPublished
CVE-2024-7725Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23928.
StatusReserved
CVE-2024-9254

Last edited: 23 October 2024 3:33 pm

Back to top