ID CVE-2024-28888
Summary A use-after-free vulnerability exists in the way Foxit Reade 2024.1.0.23997 handles a checkbox field object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.
References
Vulnerable Configurations
  • cpe:2.3:a:foxit:pdf_reader:2024.1.0.23997:*:*:*:*:*:*:*
    cpe:2.3:a:foxit:pdf_reader:2024.1.0.23997:*:*:*:*:*:*:*
CVSS
Base: None
Impact:
Exploitability:
Access
VectorComplexityAuthentication
Impact
ConfidentialityIntegrityAvailability
Last major update 21-11-2024 - 09:07
Published 02-10-2024 - 21:15
Last modified 21-11-2024 - 09:07
Back to Top