PT-2022-16634 · Foxit · Foxit Pdf Reader

Dohyun Lee

Published

2022-02-10

Updated

2022-02-28

CVE-2022-24356

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Foxit PDF Reader version 11.0.1.0719 macOS

Description This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a malicious file. The flaw exists within the OnMouseExit method due to the lack of proper validation of user-supplied data, resulting in a read past the end of an allocated object. This can be leveraged to execute code in the context of the current process.

Recommendations For Foxit PDF Reader version 11.0.1.0719 macOS, consider disabling the OnMouseExit method as a temporary workaround until a patch is available.

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

CVE-2022-24356

ZDI-22-267

Affected Products

Foxit Pdf Reader

PT-2022-16634 · Foxit · Foxit Pdf Reader

CVE-2022-24356

Weakness Enumeration

Related Identifiers

Affected Products

References · 4