Wei You

**Name of the Vulnerable Software and Affected Versions** PDF-XChange Editor (affected versions not specified) **Description** This issue allows remote attackers to disclose sensitive information on affected installations. It requires user interaction, such as visiting a malicious page or opening a malicious file. The flaw exists within the handling of util objects, where an attacker can trigger a read past the end of an allocated object by performing actions in JavaScript. This can be leveraged in conjunction with other issues to execute arbitrary code in the context of the current process. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Foxit PDF Reader (affected versions not specified) Foxit PDF Editor (affected versions not specified) **Description** This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a malicious file. The flaw exists within the handling of Doc objects due to the lack of validation of an object's existence before performing operations on it. An attacker can leverage this to execute code in the context of the current process. **Recommendations** For Foxit PDF Reader, update to a version that addresses the use-after-free vulnerability in the handling of Doc objects. For Foxit PDF Editor, update to a version that addresses the use-after-free vulnerability in the handling of Doc objects. As a temporary workaround, consider disabling the handling of Doc objects in both Foxit PDF Reader and Foxit PDF Editor until a patch is available.

**Name of the Vulnerable Software and Affected Versions** PDF-XChange Editor (affected versions not specified) **Description** This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a malicious file. The flaw exists within the `submitForm` method, where an attacker can trigger a read past the end of an allocated buffer by performing actions in JavaScript, allowing code execution in the context of the current process. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PDF-XChange Editor (affected versions not specified) **Description** This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a malicious file. The flaw exists within the handling of Collab objects, specifically due to a buffer read past the end of an allocated buffer when performing actions in JavaScript. This can be leveraged to execute code in the context of the current process. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Foxit PDF Reader version 11.2.1.53537 **Description** This issue allows remote attackers to disclose sensitive information on affected installations. User interaction is required, where the target must visit a malicious page or open a malicious file. The flaw exists within the handling of `Doc` objects. By performing actions in JavaScript, an attacker can trigger a read past the end of an allocated object. This can be leveraged in conjunction with other issues to execute arbitrary code in the context of the current process. **Recommendations** For Foxit PDF Reader version 11.2.1.53537, consider disabling JavaScript handling of `Doc` objects as a temporary workaround until a patch is available. Restrict access to potentially malicious pages or files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Foxit PDF Reader version 11.2.1.53537 **Description** This issue allows remote attackers to disclose sensitive information on affected installations. User interaction is required to exploit this, where the target must visit a malicious page or open a malicious file. The flaw exists within the handling of the `AFSpecial KeystrokeEx` method due to the lack of validating the existence of an object prior to performing operations on it. An attacker can leverage this, in conjunction with other issues, to execute arbitrary code in the context of the current process. **Recommendations** As a temporary workaround, consider disabling the `AFSpecial KeystrokeEx` method until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Foxit PDF Reader version 11.2.1.53537 **Description** This issue allows remote attackers to disclose sensitive information on affected installations. User interaction is required, where the target must visit a malicious page or open a malicious file. The flaw exists within the handling of ADBC objects, allowing an attacker to trigger a read past the end of an allocated object by performing actions in JavaScript. This can be leveraged in conjunction with other issues to execute arbitrary code in the context of the current process. **Recommendations** For Foxit PDF Reader version 11.2.1.53537, as a temporary workaround, consider disabling JavaScript handling in the application until a patch is available. Restrict access to malicious pages or files to minimize the risk of exploitation. Avoid using the application to open untrusted PDF files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Foxit PDF Reader versions 11.2.1.53537 and earlier **Description** This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a malicious file. The flaw exists within the `AFSpecial KeystrokeEx` method due to the lack of validating the existence of an object prior to performing operations on it, which can result in a memory corruption condition. An attacker can leverage this to execute code in the context of the current process. **Recommendations** For Foxit PDF Reader version 11.2.1.53537 and earlier, as a temporary workaround, consider disabling the `AFSpecial KeystrokeEx` method until a patch is available. Restrict access to potentially malicious pages or files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Foxit PDF Reader version 11.2.2.53575 **Description** This issue allows remote attackers to disclose sensitive information on affected installations. User interaction is required, where the target must visit a malicious page or open a malicious file. The flaw exists within the handling of Doc objects, specifically when the application handles certain JavaScript actions, allowing an attacker to trigger a read past the end of an allocated object. This can be leveraged in conjunction with other issues to execute arbitrary code in the context of the current process. **Recommendations** For Foxit PDF Reader version 11.2.2.53575, consider disabling JavaScript handling for Doc objects as a temporary workaround until a patch is available. Restrict access to potentially malicious pages or files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Foxit PDF Reader version 11.2.1.53537 **Description** This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a malicious file. The flaw exists within the handling of Doc objects, specifically when the application fails to properly validate allocation boundaries for objects when handling certain JavaScripts. By performing actions in JavaScript, an attacker can trigger a read past the end of an allocated object, potentially leading to remote code execution in the context of the current process. **Recommendations** For Foxit PDF Reader version 11.2.1.53537, consider disabling JavaScript handling in the application as a temporary workaround until a patch is available. Restrict access to potentially malicious files or websites to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.