CVE-2021-40420

Name of the Vulnerable Software and Affected Versions Foxit PDF Reader version 11.1.0.52543

Description A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader. This vulnerability can be triggered by a specially-crafted PDF document, leading to the reuse of previously freed memory, which can result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted, malicious site when the browser plugin extension is enabled.

Recommendations For Foxit PDF Reader version 11.1.0.52543, consider disabling the JavaScript engine until a patch is available to prevent exploitation. Restrict access to malicious PDF documents and avoid visiting untrusted websites with the browser plugin extension enabled.