Foxit Reader Addressed Serious Code Execution Vulnerability Exploitable Via PDFs

Heads up, Foxit Reader users! The vendors have recently rolled out an update to Foxit Reader since patching a serious code execution flaw. Exploiting this vulnerability via malicious PDFs could potentially allow for an adversary to take control of  target systems.

Foxit Reader Vulnerability Allowing RCE Attacks

A security researcher from Cisco Talos discovered a serious security flaw affecting the Foxit Reader.

As explained in their advisory, the vulnerability, CVE-2021-21822, could let an adversary execute malicious codes on the target device. Whereas, exploiting this bug merely required an attacker to create a malicious PDF. As stated in the advisory,

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.3.37598. A specially crafted PDF document can trigger the reuse of previously free memory, which can lead to arbitrary code execution. An attacker needs to trick the user into opening a malicious file or site to trigger this vulnerability if the browser plugin extension is enabled.

This vulnerability has achieved a high-severity rating with a CVSS score of 8.8.

More Bugs Also Fixed

Alongside this vulnerability, Foxit has also released security fixes for 14 other security flaws. These vulnerabilities caught Foxit’s attention following the reports from other security researchers.

Eventually, Foxit released patches for all the bugs as elaborated in their security bulletin.

As the vendors confirmed, the vulnerabilities predominantly affected the previous versions of Foxit products. These specifically include Foxit Reader (10.1.3.37598 and earlier) and Foxit PhantomPDF (10.1.3.37598 and all previous 10.x versions, 9.7.5.29616 and earlier).

Consequently, they released the security updates with the release of Foxit Reader 10.1.4 and Foxit PhantomPDF 10.1.4.

Now that the bug fixes are out, all Foxit users must ensure updating their systems to the latest patched version.

Earlier, in 2020, Foxit had patched remote code execution vulnerabilities in Foxit Reader and PhantomPDF.

Let us know your thoughts in the comments.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients