A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a checkbox CBF_Widget object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.
History

Wed, 18 Dec 2024 18:30:00 +0000


Wed, 18 Dec 2024 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 18 Dec 2024 16:00:00 +0000

Type Values Removed Values Added
Description A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a checkbox CBF_Widget object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.
Weaknesses CWE-416
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: talos

Published: 2024-12-18T15:57:33.904Z

Updated: 2024-12-18T18:03:41.559Z

Reserved: 2024-10-16T21:19:57.878Z

Link: CVE-2024-49576

cve-icon Vulnrichment

Updated: 2024-12-18T18:03:41.559Z

cve-icon NVD

Status : Received

Published: 2024-12-18T16:15:13.477

Modified: 2024-12-18T18:15:07.417

Link: CVE-2024-49576

cve-icon Redhat

No data.