A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a checkbox CBF_Widget object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.
Metrics
Affected Vendors & Products
References
History
Wed, 18 Dec 2024 18:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Wed, 18 Dec 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Wed, 18 Dec 2024 16:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a checkbox CBF_Widget object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. | |
Weaknesses | CWE-416 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: talos
Published: 2024-12-18T15:57:33.904Z
Updated: 2024-12-18T18:03:41.559Z
Reserved: 2024-10-16T21:19:57.878Z
Link: CVE-2024-49576

Updated: 2024-12-18T18:03:41.559Z

Status : Received
Published: 2024-12-18T16:15:13.477
Modified: 2024-12-18T18:15:07.417
Link: CVE-2024-49576

No data.