Talos Vulnerability Report TALOS-2024-1959 Foxit Reader ComboBox widget Format event use-after-free vulnerability April 30, 2024 CVE Number CVE-2024-25648 SUMMARY A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a ComboBox widget. A specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. CONFIRMED VULNERABLE VERSIONS The versions below were either tested or verified to be vulnerable by Talos or confirmed to be vulnerable by the vendor. Foxit Reader 2024.1.0.23997 PRODUCT URLS Foxit Reader – https://www.foxitsoftware.com/pdf-reader/ CVSSv3 SCORE 8.8 – CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CWE CWE-416 – Use After Free DETAILS Foxit PDF Reader is one of the most popular PDF document readers. It aims for feature parity with Adobe’s Acrobat Reader. As a complete and feature-rich PDF reader, it supports JavaScript for interactive documents and dynamic forms. JavaScript support poses an additional attack surface. Foxit Reader uses the V8 JavaScript engine. Javascript support in PDF renderers and editors enables dynamic documents that can change based on user input or events. There…Read More