Metrics
Affected Vendors & Products
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Tue, 23 Sep 2025 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A use-after-free vulnerability exists in the way Foxit Reade 2024.1.0.23997 handles a checkbox field object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. | A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a checkbox field object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. |
Fri, 22 Nov 2024 12:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Tue, 08 Oct 2024 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Foxit
Foxit pdf Reader |
|
CPEs | cpe:2.3:a:foxit:pdf_reader:2024.1.0.23997:*:*:*:*:*:*:* | |
Vendors & Products |
Foxit
Foxit pdf Reader |
Thu, 03 Oct 2024 16:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Foxitsoftware
Foxitsoftware foxit Reader |
|
CPEs | cpe:2.3:a:foxitsoftware:foxit_reader:2024.1.0.23997:*:*:*:*:*:*:* | |
Vendors & Products |
Foxitsoftware
Foxitsoftware foxit Reader |
|
Metrics |
ssvc
|
Thu, 03 Oct 2024 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Wed, 02 Oct 2024 21:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A use-after-free vulnerability exists in the way Foxit Reade 2024.1.0.23997 handles a checkbox field object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. | |
Weaknesses | CWE-416 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: talos
Published:
Updated: 2025-09-23T14:17:01.678Z
Reserved: 2024-04-04T18:46:12.758Z
Link: CVE-2024-28888

Updated: 2024-10-02T23:03:02.757Z

Status : Modified
Published: 2024-10-02T21:15:13.430
Modified: 2025-09-23T15:15:30.217
Link: CVE-2024-28888

No data.

No data.