CVE-2024-9256

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Nov 22, 2024
Updated: Nov 29, 2024
CWE ID 125

Summary

CVE-2024-9256 is a newly disclosed information disclosure vulnerability in Foxit PDF Reader. Malicious AcroForms can lead to an out-of-bounds read, allowing remote attackers to access sensitive data on affected systems. User interaction, such as visiting a malicious webpage or opening a malicious file, is necessary for exploitation. The root cause of this vulnerability lies in the improper validation of user-supplied data during the handling of AcroForms, leading to a read beyond the allocated buffer. While this issue does not result in arbitrary code execution on its own, it can be combined with other vulnerabilities to achieve that goal. (ZDI-CAN-25267)

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share