Foxit Reader patches 4 remote code execution vulnerabilities

 


Foxit PDF Reader (formerly Foxit Reader) is a multilingual freemium PDF (Portable Document Format) tool that can create, view, edit, digitally sign, and print PDF files. Cisco Talos recently discovered several use-after-free vulnerabilities in Foxit Reader that could lead to arbitrary code execution.

Talos has identified four use-after-free vulnerabilities in Foxit Reader. The reader includes JavaScript support to enable dynamic documents and multimedia content, which can be viewed interactively. A specially crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick a user into opening a malicious file to trigger these vulnerabilities.
TALOS-2022-1600 (CVE-2022-32774)
TALOS-2022-1601 (CVE-2022-38097)
TALOS-2022-1602 (CVE-2022-37332)
TALOS-2022-1614 (CVE-2022-40129)
Cisco Talos worked with Foxit to ensure that these issues are resolved and an update is available for affected customers, all in adherence to Cisco’s vulnerability disclosure policy.
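
Because these issues are reached through the reader's JavaScript support, a defender can flag PDFs that carry JavaScript actions before they reach users. The following triage sketch is an added example, not Talos or Foxit code; the function names are hypothetical, and it assumes the only stream filter that needs handling is Flate and that the file is not encrypted.

```python
import re
import zlib

# PDF name objects may hide characters as #xx hex escapes (/J#53 is /JS).
_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
# Names that introduce a JavaScript action; reject longer lookalikes (/JSFoo).
_JS_NAMES = re.compile(rb"/(JavaScript|JS)(?![A-Za-z0-9])")
# Stream bodies: object streams can hold the action dictionaries compressed.
_STREAM = re.compile(rb"stream\r?\n(.*?)\r?\n?endstream", re.DOTALL)


def _normalize(data: bytes) -> bytes:
    """Decode #xx escapes so obfuscated names match the plain patterns."""
    return _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def _inflated_streams(data: bytes):
    """Yield the Flate-decoded body of every stream that decodes cleanly."""
    for m in _STREAM.finditer(data):
        try:
            # decompressobj tolerates a trimmed trailer or trailing bytes.
            yield zlib.decompressobj().decompress(m.group(1))
        except zlib.error:
            continue  # not Flate data (assumption: other filters ignored)


def javascript_markers(data: bytes) -> dict:
    """Count /JS and /JavaScript names in the raw file and inflated streams."""
    counts = {"JS": 0, "JavaScript": 0}
    for chunk in [data, *_inflated_streams(data)]:
        for m in _JS_NAMES.finditer(_normalize(chunk)):
            counts[m.group(1).decode()] += 1
    return counts


def has_javascript(data: bytes) -> bool:
    """True when the document should be held for review or opened with JS off."""
    return any(javascript_markers(data).values())


if __name__ == "__main__":
    # Constructed sample: an action dictionary with hex-escaped names.
    sample = b"%PDF-1.7\n1 0 obj\n<< /S /J#61vaScript /J#53 (x) >>\nendobj\n"
    print(javascript_markers(sample), has_javascript(sample))
```

A hit is a reason to hold the file or open it with JavaScript disabled, not proof of a malicious document; many legitimate forms use JavaScript.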
 
