Security updates address multiple vulnerabilities that could lead to remote code execution, information disclosure, privilege escalation, or DoS

Threat ID:CC-4554

Threat Severity:Medium

Published:27 September 2024 2:37 PM

Summary

Affected platforms

The following platforms are known to be affected:

Foxit PDF Reader

2024.2.3.25184 and earlier

Foxit PDF Editor

2024.2.3.25184 and earlier
2023.3.0.23028 and earlier
13.1.3.22478 and earlier
12.1.7.15526 and earlier
11.2.10.53951 and earlier

Threat details

Proof-of-concept for CVE-2024-28888

Proof-of-concept exploit code has been published for CVE-2024-28888. NHS England National CSOC considers exploitation more likely.

Introduction

Foxit has released security updates to address multiple vulnerabilities in Foxit PDF Reader and Foxit PDF Editor as well as corresponding updates for Foxit PDF Editor for Mac and Foxit PDF Reader for Mac.

The most concerning vulnerability is a use-after-free vulnerability known as CVE-2024-28888 that could allow an attacker to achieve remote code execution (RCE) or gain information disclosure. Other vulnerabilities address privilege escalation, denial-of-service (DoS), and side-loading, which could allow attackers the ability to run malicious payloads.

Threat updates


7 Oct 2024	Proof-of-concept code for the exploitation of CVE-2024-28888 has been published

Remediation advice

Affected organisations are encouraged to review the following the Foxit Security Bulletins (Release date September 26, 2024) and apply the relevant updates.

Definitive source of threat updates

https://www.foxit.com/support/security-bulletins.html

CVE Vulnerabilities

StatusPublished

CVE-2024-28888A use-after-free vulnerability exists in the way Foxit Reade 2024.1.0.23997 handles a checkbox field object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.

StatusReserved

CVE-2024-38393Remote exploitation of a design error vulnerability in Foxit’s PDF Reader and PDF Editor could allow an attacker to gain escalated privileges on the targeted host. A design error vulnerability exists in PDF Reader and PDF Editor. This error occurs due to improper resource permissions, signature validation, certificate checks, weak randomness in temporary folder names, or DLL loading without a manifest file.

StatusPublished

CVE-2024-7725Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23928.

StatusPublished

CVE-2024-41605An issue in Foxit Software Foxit PDF Reader v.2024.2.2.25170 allows a local attacker to execute arbitrary code via the FoxitPDFReaderUpdater.exe component

Last edited: 7 October 2024 3:22 pm