CVE-2024-9253
CVSS 3.1 Score 7.1 of 10 (high)
Details
Summary
CVE-2024-9253 is a newly disclosed vulnerability affecting Foxit PDF Reader. It is classified as an Out-Of-Bounds Read Information Disclosure vulnerability, which allows remote attackers to access sensitive data on affected systems. The flaw lies in the software's handling of AcroForms and stems from insufficient validation of user-supplied data. As a result, an attacker can read data beyond the allocated buffer, potentially leading to more serious exploits like arbitrary code execution. The vulnerability was identified independently as ZDI-CAN-24492. Exploitation requires user interaction: the target must visit a malicious page or open a malicious file.