CVE-2022-37377

Name of the Vulnerable Software and Affected Versions Foxit PDF Editor version 11.1.1.53537

Description This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a malicious file. The flaw exists within JavaScript optimizations due to an improper optimization, resulting in a type confusion condition. This can allow an attacker to execute code in the context of the current process. The vulnerability may also lead to potential out-of-bounds read, use-after-free, or uninitialized variable issues when handling certain JavaScripts, potentially allowing adversaries to disclose information.

Recommendations For Foxit PDF Editor version 11.1.1.53537, consider disabling JavaScript optimizations as a temporary workaround until a patch is available. Restrict access to potentially malicious pages or files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.