Foxit Reader high severity vulnerability allows code execution
Take action: Foxit Reader is quite commonly downloaded and used since Acrobat Reader is just too painful to use. Share this info with the organization, since the patch is really painless: just uninstall the old application and install the new one.
Learn More
Cybersecurity researchers have discovered a use-after-free vulnerability in the popular PDF reader Foxit Reader.
The vulnerability is tracked as CVE-2023-33876 with a CVSSv3 score of 8.8, a near-critical rating.
Affected products (on Linux, macOS, and Windows):
- Foxit Reader 12.1.1.15289
- Foxit Reader 12.1.2.15332
- Foxit Reader < 12.1.3.15356
This flaw can be triggered by specially crafted JavaScript code inside a malicious PDF document, leading to memory corruption and potentially arbitrary code execution. The vulnerability arises from how Foxit Reader handles the destruction of annotations in a PDF.
The issue can also be exploited if a user visits a malicious site with the browser plugin extension enabled, so the key risk vectors are phishing and visiting malware-laden sites like "free stuff" sites.
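Because the trigger is JavaScript embedded in a PDF, a cheap triage step for a mail gateway or a file drop is to flag documents that carry script or auto-run actions at all, and route those for closer review before they reach an unpatched reader. The scanner below is an added example, not from the advisory: it looks for the PDF name objects that introduce JavaScript (`/JavaScript`, `/JS`) and automatic actions (`/OpenAction`, `/AA`) in the raw file bytes, and also reports `/ObjStm` so the analyst knows when objects are packed into compressed streams that this byte-level scan cannot see into. The two PDF samples are constructed inline; the function names are assumptions.

```python
"""Byte-level triage of PDFs for embedded JavaScript and auto-run actions.

Added example; the two sample documents below are constructed by hand.
"""
import re

# PDF name objects (from the PDF specification) worth flagging for review.
INDICATORS = {
    b"/JavaScript": "JavaScript action dictionary",
    b"/JS": "JavaScript code string or stream reference",
    b"/OpenAction": "action executed when the document is opened",
    b"/AA": "additional-actions dictionary (page, annotation or form triggers)",
    b"/ObjStm": "compressed object stream: contents are opaque to this scan",
}


def scan_pdf_bytes(data):
    """Count each indicator name in the raw bytes.

    The negative lookahead stops '/JS' from matching inside a longer name
    such as '/JSX'; PDF names end at whitespace or a delimiter.
    Returns a dict of {indicator: count} containing only the names found.
    """
    findings = {}
    for token in INDICATORS:
        pattern = re.escape(token) + rb"(?![A-Za-z0-9_#])"
        hits = len(re.findall(pattern, data))
        if hits:
            findings[token.decode()] = hits
    return findings


def has_embedded_javascript(data):
    """True if the document visibly carries JavaScript. A False result is
    only meaningful when '/ObjStm' is absent, because objects inside
    compressed object streams are not inspected here."""
    found = scan_pdf_bytes(data)
    return "/JavaScript" in found or "/JS" in found


def needs_review(data):
    """Conservative gate: script, auto-run actions, or opaque object streams
    all send the file to manual review instead of straight to the reader."""
    return bool(scan_pdf_bytes(data))


# Constructed minimal PDF with no actions of any kind.
BENIGN_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

# Constructed sample that runs a harmless alert on open; the structure is what
# matters here, not the script body.
SUSPECT_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj\n"
    b"4 0 obj << /S /JavaScript /JS (app.alert(1)) >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

if __name__ == "__main__":
    for name, doc in (("benign", BENIGN_PDF), ("suspect", SUSPECT_PDF)):
        print(name, scan_pdf_bytes(doc), "review" if needs_review(doc) else "pass")
```

This is a triage heuristic, not a parser: a document whose objects live in a FlateDecode-compressed object stream will show only `/ObjStm`, which is exactly why that name is in the indicator list and why `needs_review` treats it as a reason to look closer rather than a clean result.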
The vulnerability was confirmed on the tested version of Foxit Reader.
Patched versions of the application can be downloaded here: https://www.foxit.com/downloads/#Foxit-Reader/ and here: https://www.foxit.com/downloads/#Foxit-PhantomPDF-Business/