CVE-2024-47810

Name of the Vulnerable Software and Affected Versions Foxit Reader version 2024.3.0.26795

Description A use-after-free vulnerability exists in the way Foxit Reader handles a 3D page object. This can be triggered by a specially crafted Javascript code inside a malicious PDF document, leading to memory corruption and potentially resulting in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site when the browser plugin extension is enabled.

Recommendations For Foxit Reader version 2024.3.0.26795, consider disabling the handling of 3D page objects or the execution of Javascript code within PDF documents as a temporary workaround until a patch is available. Restrict access to malicious PDF files and avoid visiting untrusted websites with the browser plugin extension enabled to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.