A use-after-free vulnerability exists in the way Foxit Reade 2024.1.0.23997 handles a checkbox field object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.
Metrics
Affected Vendors & Products
References
History
Tue, 08 Oct 2024 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Foxit
Foxit pdf Reader |
|
CPEs | cpe:2.3:a:foxit:pdf_reader:2024.1.0.23997:*:*:*:*:*:*:* | |
Vendors & Products |
Foxit
Foxit pdf Reader |
Thu, 03 Oct 2024 16:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Foxitsoftware
Foxitsoftware foxit Reader |
|
CPEs | cpe:2.3:a:foxitsoftware:foxit_reader:2024.1.0.23997:*:*:*:*:*:*:* | |
Vendors & Products |
Foxitsoftware
Foxitsoftware foxit Reader |
|
Metrics |
ssvc
|
Thu, 03 Oct 2024 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Wed, 02 Oct 2024 21:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A use-after-free vulnerability exists in the way Foxit Reade 2024.1.0.23997 handles a checkbox field object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. | |
Weaknesses | CWE-416 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: talos
Published: 2024-10-02T20:51:44.661Z
Updated: 2024-10-03T15:41:56.591Z
Reserved: 2024-04-04T18:46:12.758Z
Link: CVE-2024-28888
Vulnrichment
Updated: 2024-10-03T15:41:49.223Z
NVD
Status : Modified
Published: 2024-10-02T21:15:13.430
Modified: 2024-11-21T09:07:07.100
Link: CVE-2024-28888
Redhat
No data.