Security updates address multiple vulnerabilities that could lead to remote code execution, information disclosure, privilege escalation, or DoS

Threat ID:CC-4593

Threat Severity:Medium

Published:19 December 2024 1:14 PM

Summary

Affected platforms

The following platforms are known to be affected:

Foxit PDF Reader

Foxit PDF Reader for Windows | 2024.3.0.26795 and earlier

Foxit PDF Reader for Mac | 2024.3.0.65538 and earlier

Foxit PDF Editor

Foxit PDF Editor for Windows | 2024.3.0.26795 and earlier

Foxit PDF Editor for Windows | 2023.3.0.23028 and earlier

Foxit PDF Editor for Windows | 13.1.4.23147 and earlier

Foxit PDF Editor for Windows | 12.1.8.15703 and earlier

Foxit PDF Editor for Windows | 11.2.11.54113 and earlier

Foxit PDF Editor for Mac |2024.3.0.65538 and earlier

Foxit PDF Editor for Mac |2023.3.0.63083 and earlier

Foxit PDF Editor for Mac |13.1.4.62748 and earlier

Foxit PDF Editor for Mac |12.1.6.55574 and earlier

Foxit PDF Editor for Mac |11.1.10.1010 and earlier

Threat details

Proof-of-concept for CVE-2024-49576 and CVE-2024-47810

Proof-of-concept exploit code has been published for CVE-2024-49576 and CVE-2024-47810. NHS England National CSOC assesses exploitation as more likely.

Introduction

Foxit has released security updates to address multiple vulnerabilities in Foxit PDF Reader and Foxit PDF Editor, as well as corresponding updates for Foxit PDF Editor for Mac and Foxit PDF Reader for Mac.

The most concerning vulnerabilities are use-after-free vulnerabilities known as CVE-2024-49576 and CVE-2024-47810 that could allow an attacker to achieve remote code execution (RCE). Other vulnerabilities address information disclosure, privilege escalation, denial-of-service (DoS), and DLL hijacking, which could allow attackers the ability to execute arbitrary code, extract NTLM hashes, or access sensitive information.

Remediation advice

Affected organisations are encouraged to review the following Foxit Security Bulletins (Release date December 17, 2024) and apply the relevant updates.

Definitive source of threat updates

https://www.foxit.com/support/security-bulletins.html

CVE Vulnerabilities

StatusPublished

CVE-2024-49576A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a checkbox CBF_Widget object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.

StatusPublished

CVE-2024-47810A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a 3D page object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.

Last edited: 19 December 2024 1:14 pm