Foxit Releases Security Updates Affecting Foxit PDF Editor

Security updates address multiple vulnerabilities that could lead to remote code execution, information disclosure, privilege escalation, or DoS

Threat ID:: CC-4566
Threat Severity:: Medium
Published:: 23 October 2024 3:22 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Security updates address multiple vulnerabilities that could lead to remote code execution, information disclosure, privilege escalation, or DoS

Affected platforms

The following platforms are known to be affected:

Foxit PDF Editor

Foxit PDF Editor for Windows | 12.1.7.15526 and earlier
Foxit PDF Editor for Windows | 11.2.10.53951 and earlier
Foxit PDF Editor for Mac | 12.1.5.55449 and earlier
Foxit PDF Editor for Mac | 11.1.9.0524 and earlier

Threat details

Proof-of-concept for CVE-2024-28888

Proof-of-concept exploit code has been published for CVE-2024-28888. NHS England National CSOC considers exploitation more likely.

Introduction

Foxit has released security updates to address multiple vulnerabilities in Foxit PDF Editor for Windows and MacOS.

The most concerning vulnerability is a use-after-free vulnerability known as CVE-2024-28888 that could allow an attacker to achieve remote code execution (RCE) or gain information disclosure. Other vulnerabilities include privilege escalation, denial-of-service (DoS), and side-loading, which could allow attackers the ability to run malicious payloads.

Remediation advice

Affected organisations are encouraged to review the Foxit Security Bulletins (Release date October 18, 2024) and apply the relevant updates.

Definitive source of threat updates

https://www.foxit.com/support/security-bulletins.html

CVE Vulnerabilities

Status Published

CVE-2024-28888

A use-after-free vulnerability exists in the way Foxit Reade 2024.1.0.23997 handles a checkbox field object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.

Status Published

CVE-2024-7725

Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23928.

Status Reserved

CVE-2024-9254

Last edited: 23 October 2024 3:33 pm