CVE-2024-28888
CVSS 3.1 Score 8.8 of 10 (high)
Details
Summary
CVE-2024-28888 is a use-after-free vulnerability affecting Foxit Reader 2024.1.0.23997. This issue arises when the software fails to properly manage a checkbox field object in JavaScript code within PDF documents. An attacker can exploit this vulnerability by crafting a malicious PDF file to cause memory corruption, potentially leading to arbitrary code execution. To trigger the vulnerability, the user must open the malicious file. Additionally, if the browser plugin extension is enabled, exploitation can occur by visiting a specially crafted, malicious website.
Affected Products
- Foxitsoftware Foxit Reader
- Foxit PDF Reader
Affected Vendors
- Foxit Software Inc.