SB2024121815 - Multiple vulnerabilities in Foxit PDF Reader and Editor for Windows

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2024121815

SB2024121815 - Multiple vulnerabilities in Foxit PDF Reader and Editor for Windows

Published: December 18, 2024 Updated: December 20, 2024

Security Bulletin ID SB2024121815
Severity
High
Patch available
YES
Number of vulnerabilities 7
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 57% Medium 14% Low 29%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 7 secuirty vulnerabilities.


1) Improper authorization in handler for custom URL scheme (CVE-ID: N/A)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to an error when handling XFA documents. A remote attacker can trick the victim into opening a specially crafted PDF document and compromise the affected system.


2) Improper verification of cryptographic signature (CVE-ID: N/A)

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to the application improperly ignores the changes to the “/NeedsRendering” key or “TextField” field when verifying the XFA documents. A remote attacker perform spoofing attack and make users believe that the document is properly signed.


3) Information disclosure (CVE-ID: N/A)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the application fails to provide a reasonable prompt for user confirmation when executing the “app.openDoc”/“LaunchAction” functions, or ignores the encryption elements and transmits form content in clear text without a proper prompt for users. A remote attacker can trick the victim into opening a specially crafted XFA file and gain access to sensitive information.


4) Insecure DLL loading (CVE-ID: N/A)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to the application loads the edputil.dll library in an insecure manner. A remote attacker can place a specially crafted edputil.dll file on a remote SMB fileshare, trick the victim into opening a file, associated with the vulnerable application, and execute arbitrary code on victim's system.


5) Use-after-free (CVE-ID: CVE-2024-49576)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when handling PDF files. A remote attacker can trick the victim into opening a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.


6) Use-after-free (CVE-ID: CVE-2024-47810)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when handling PDF files. A remote attacker can trick the victim into opening a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.


7) Untrusted search path (CVE-ID: N/A)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to usage of an untrusted search path during application update. A local user can place a malicious binary into a specific location on the system and execute arbitrary code with escalated privileges.


Remediation

Install update from vendor's website.

References