Foxit PDF Reader (formerly Foxit Reader) is a multilingual freemium PDF (Portable Document Format) tool that can create, view, edit, digitally sign, and print PDF files. Cisco Talos recently discovered several use-after-free vulnerabilities in Foxit Reader that could lead to arbitrary code execution.
Talos has identified four use-after-free vulnerabilities in Foxit Reader. The reader includes JavaScript support to enable dynamic documents and multimedia content, which can be viewed interactively. A specially crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick a user into opening a malicious file to trigger these vulnerabilities.
TALOS-2022-1600 (CVE-2022-32774)
TALOS-2022-1601 (CVE-2022-38097)
TALOS-2022-1602 (CVE-2022-37332)
TALOS-2022-1614 (CVE-2022-40129)
Cisco Talos worked with Foxit to ensure that these issues are resolved and an update is available for affected customers, all in adherence to Cisco’s vulnerability disclosure policy.
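Because all four issues are reached through the reader's JavaScript support, one defensive step is to flag PDFs that carry script or auto-run actions before they are opened. The following triage sketch is an added example, not code from Talos or Foxit; the watchlist, function names and sample bytes are assumptions constructed for illustration, and the scan only sees uncompressed objects.

```python
import re
from collections import Counter

# PDF name token: "/" followed by regular characters (no whitespace or delimiters).
NAME_RE = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")

# Names that introduce script or automatic actions (assumed watchlist).
# ObjStm marks compressed object streams that this raw scan cannot see into.
WATCHLIST = {b"JS", b"JavaScript", b"OpenAction", b"AA", b"ObjStm"}


def decode_name(raw: bytes) -> bytes:
    """Resolve #xx escapes so /J#61vaScript compares equal to /JavaScript."""
    return HEX_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)


def scan_pdf_bytes(data: bytes) -> Counter:
    """Count watchlisted names in the uncompressed portion of a PDF."""
    hits = Counter()
    for match in NAME_RE.finditer(data):
        name = decode_name(match.group(1))
        if name in WATCHLIST:
            hits[name.decode("ascii")] += 1
    return hits


def has_script(data: bytes) -> bool:
    """True when the file declares a JavaScript action or script body."""
    hits = scan_pdf_bytes(data)
    return hits["JS"] > 0 or hits["JavaScript"] > 0


# Constructed sample fragments (not real documents).
SCRIPTED = (b"%PDF-1.7\n"
            b"1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"
            b"2 0 obj << /S /J#61vaScript /JS (placeholder) >> endobj\n")
PLAIN = b"%PDF-1.7\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"

if __name__ == "__main__":
    for label, sample in (("scripted", SCRIPTED), ("plain", PLAIN)):
        print(label, dict(scan_pdf_bytes(sample)), has_script(sample))
```

A file that reports `ObjStm` but no script names should still be decompressed with a full PDF parser before it is treated as script-free.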