Critical Use-After-Free Vulnerability Discovered in Foxit Reader (CVE-2024-28888)

A significant security vulnerability has been identified in Foxit Reader version 2024.1.0.23997. Designated as CVE-2024-28888 with a CVSS score of 8.8, this use-after-free vulnerability could allow attackers to execute arbitrary code on a victim’s system. The flaw was discovered by security researcher KPC of Cisco Talos, who has also published proof-of-concept code demonstrating the exploit.

The vulnerability stems from how Foxit Reader handles a checkbox field object within PDF documents. Specifically, specially crafted JavaScript code embedded in a malicious PDF can trigger a use-after-free condition. This memory corruption can be exploited to achieve arbitrary code execution, compromising the security of the affected system.

To exploit this vulnerability, an attacker must trick the user into opening a malicious PDF file. This could be achieved through phishing emails, deceptive website downloads, or other social engineering techniques. Additionally, if the Foxit Reader browser plugin is enabled, simply visiting a specially crafted malicious website could trigger the exploit without the user opening a file directly.

Foxit Reader is one of the most popular PDF readers globally, offering a feature-rich alternative to Adobe Acrobat Reader. Its support for JavaScript allows for interactive documents and dynamic forms but also introduces additional attack surfaces. The use of the V8 JavaScript engine, while powerful, can be a vector for sophisticated attacks if vulnerabilities are present.

Foxit has released an updated version of its software that addresses CVE-2024-28888. Users are strongly urged to update to the latest version immediately.

In addition to updating your software, exercise caution when opening PDF files from unknown sources. Be wary of unsolicited email attachments and avoid clicking on links to PDFs from untrusted websites.
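For mail gateways or analysts who want to sort incoming PDFs before anyone opens them, the sketch below (an added example, not code from Foxit or Cisco Talos) flags documents that combine embedded JavaScript with form fields, the document shape described above. The keyword list, function names and sample bytes are assumptions made for this illustration.

```python
import re
import zlib

# PDF name tokens worth counting: script carriers, auto-run triggers, form fields.
KEYWORDS = ("/JS", "/JavaScript", "/OpenAction", "/AA", "/AcroForm", "/Btn")

def _decode_names(blob: bytes) -> bytes:
    """Undo #xx hex escapes in PDF names, e.g. /J#53 -> /JS."""
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), blob)

def _inflated_streams(data: bytes):
    """Yield Flate-decoded stream bodies, where object dictionaries can hide."""
    for m in re.finditer(rb"stream\r?\n(.*?)\r?\n?endstream", data, re.S):
        try:
            yield zlib.decompressobj().decompress(m.group(1))
        except zlib.error:
            continue  # not Flate-encoded, or uses another filter

def triage_pdf(data: bytes, inflate: bool = True) -> dict:
    """Count keyword hits in the raw bytes and, optionally, in inflated streams."""
    blobs = [data] + (list(_inflated_streams(data)) if inflate else [])
    counts = dict.fromkeys(KEYWORDS, 0)
    for blob in blobs:
        decoded = _decode_names(blob)
        for kw in KEYWORDS:
            pattern = re.escape(kw.encode()) + rb"(?![A-Za-z0-9])"
            counts[kw] += len(re.findall(pattern, decoded))
    return counts

def needs_review(counts: dict) -> bool:
    """True when a document carries JavaScript together with form fields."""
    scripted = counts["/JS"] or counts["/JavaScript"]
    has_form = counts["/AcroForm"] or counts["/Btn"]
    return bool(scripted and has_form)

# Constructed sample: a form whose button field and script sit in a compressed
# stream with hex-escaped names. The script body is a harmless placeholder.
SAMPLE = (
    b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /AcroForm 2 0 R /OpenAction 3 0 R >>\n"
    b"endobj\n4 0 obj\n<< /Filter /FlateDecode >>\nstream\n"
    + zlib.compress(b"<< /FT /Btn /AA << /U << /S /J#61vaScript /J#53 (1+1) >> >> >>")
    + b"\nendstream\nendobj\n%%EOF\n"
)

if __name__ == "__main__":
    print(triage_pdf(SAMPLE), needs_review(triage_pdf(SAMPLE)))
```

A hit means the file deserves review or sandboxed opening, not that it targets CVE-2024-28888; many legitimate forms use JavaScript. Encrypted documents and streams using filters other than Flate are not inspected by this sketch.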
