PT-2023-3892 · Foxit · Foxit Pdf Editor +1

Aleksandar Nikolic · Published 2023-07-19 · Updated 2023-07-26 · CVE-2023-28744

CVSS v2.0: 10
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Foxit PDF Reader version 12.1.1.15289
Foxit PDF Editor (affected versions not specified)

Description

A use-after-free issue exists in the JavaScript engine, allowing an attacker to execute arbitrary code by manipulating form fields of a specific type in a specially crafted PDF document. This can lead to memory corruption. Exploitation is possible if a user opens a malicious file or visits a specially crafted site with the browser plugin extension enabled.

Recommendations

For Foxit PDF Reader version 12.1.1.15289, consider disabling the JavaScript engine until a patch is available. Restrict access to malicious PDF files to minimize the risk of exploitation. Avoid using the browser plugin extension until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Buffer Overflow

Use After Free

Weakness Enumeration

Related Identifiers

BDU:2023-04184
CVE-2023-28744

Affected Products

Foxit Pdf Editor
Foxit Pdf Reader