Rich

**Name of the Vulnerable Software and Affected Versions** Foxit PDF Reader version 11.1.0.52543 **Description** This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a malicious file. The flaw exists within the handling of AcroForms, specifically due to the lack of validating the existence of an object prior to performing operations on it. An attacker can leverage this to execute code in the context of the current process. **Recommendations** For Foxit PDF Reader version 11.1.0.52543, consider disabling the handling of AcroForms as a temporary workaround until a patch is available. Restrict access to potentially malicious files or web pages to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Foxit PDF Reader version 11.1.0.52543 **Description** This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a malicious file. The flaw exists within the handling of AcroForms, resulting from the lack of validating the existence of an object prior to performing operations on it. An attacker can leverage this to execute code in the context of the current process. **Recommendations** For Foxit PDF Reader version 11.1.0.52543, consider disabling the handling of AcroForms as a temporary workaround until a patch is available. Restrict access to potentially malicious files or web pages to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Foxit PDF Reader version 11.1.0.52543 **Description** This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a malicious file. The flaw exists within the handling of AcroForms, specifically due to the lack of validating the existence of an object prior to performing operations on it. An attacker can leverage this to execute code in the context of the current process. **Recommendations** For Foxit PDF Reader version 11.1.0.52543, consider disabling the handling of AcroForms as a temporary workaround until a patch is available. Restrict access to potentially malicious files or web pages to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Foxit PDF Reader version 11.1.0.52543 **Description** This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a malicious file. The flaw exists within the handling of `Annotation` objects due to the lack of validating the existence of an object prior to performing operations on it. An attacker can leverage this to execute code in the context of the current process. **Recommendations** For Foxit PDF Reader version 11.1.0.52543, consider disabling the handling of `Annotation` objects as a temporary workaround until a patch is available. Restrict access to potentially malicious pages or files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Foxit PDF Reader version 11.1.0.52543 **Description** This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a malicious file. The flaw exists within the parsing of AcroForms due to the lack of validating the existence of an object prior to performing operations on it. An attacker can leverage this to execute code in the context of the current process. **Recommendations** For Foxit PDF Reader version 11.1.0.52543, consider disabling the AcroForms parsing functionality until a patch is available. Restrict access to malicious pages or files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Foxit PDF Reader version 11.1.0.52543 **Description** This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a malicious file. The flaw exists within the handling of `Annotation` objects due to the lack of validating the existence of an object prior to performing operations on it. An attacker can leverage this to execute code in the context of the current process. **Recommendations** For Foxit PDF Reader version 11.1.0.52543, as a temporary workaround, consider disabling the handling of `Annotation` objects until a patch is available. Restrict access to potentially malicious pages or files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Foxit PDF Reader version 11.1.0.52543 **Description** This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a malicious file. The flaw exists within the handling of `Doc` objects due to the lack of validating the existence of an object prior to performing operations on it. An attacker can leverage this to execute code in the context of the current process. **Recommendations** For Foxit PDF Reader version 11.1.0.52543, as a temporary workaround, consider disabling the handling of `Doc` objects until a patch is available. Restrict access to potentially malicious files or web pages to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Foxit PDF Reader (affected versions not specified) Foxit PhantomPDF (affected versions not specified) **Description** This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a malicious file. The flaw exists within the implementation of the `transitionToState` method, resulting from the lack of validation of an object's existence before performing operations on it. An attacker can leverage this to execute code in the context of the current process. **Recommendations** For Foxit PDF Reader, consider disabling the `transitionToState` method until a patch is available. For Foxit PhantomPDF, restrict access to the `transitionToState` method to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Foxit PDF Reader (affected versions not specified) Foxit PhantomPDF (affected versions not specified) **Description** This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a malicious file. The flaw exists within the handling of Annotation objects due to the lack of validating the existence of an object prior to performing operations on it. An attacker can leverage this to execute code in the context of the current process. **Recommendations** For Foxit PDF Reader, update to a version that addresses the Annotation Use-After-Free Remote Code Execution issue. For Foxit PhantomPDF, update to a version that addresses the Annotation Use-After-Free Remote Code Execution issue. As a temporary workaround, consider disabling the handling of Annotation objects in both Foxit PDF Reader and Foxit PhantomPDF until a patch is available.