CVE-2024-25575

Name of the Vulnerable Software and Affected Versions: Foxit Reader version 2024.1.0.23997

Description: A type confusion vulnerability exists in the way Foxit Reader handles a Lock object. This can be triggered by a specially crafted Javascript code inside a malicious PDF document, leading to memory corruption and potentially resulting in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.

Recommendations: For Foxit Reader version 2024.1.0.23997, consider updating to a newer version that contains a fix for this issue. As a temporary workaround, avoid opening malicious PDF documents and restrict access to untrusted websites, especially if the browser plugin extension is enabled.