When the application opens a PDF and executes JavaScript, it performs abnormal operations on the list box field, and this operation is repeated after...
Description
When the application opens a PDF and executes JavaScript, it performs abnormal operations on the list box field, and this operation is repeated after the form is reset
AI Analyst Comment
Remediation
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
---METADATA---
VENDOR: Foxit
PRODUCT: Foxit PDF Editor
AFFECTED_VERSIONS: Foxit PDF Editor: 2026.1.1 and earlier, 14.0.4 and earlier, 13.2.4 and earlier, 14.0.3 and earlier; Foxit PDF Reader: 2026.1.1 and earlier
CONFIDENCE: high
MISSING: patch
---END_METADATA---
Description Summary:
A use-after-free vulnerability in Foxit PDF Editor and Reader occurs when executing JavaScript that performs abnormal operations on list box fields, potentially leading to arbitrary code execution.
Executive Summary:
A critical use-after-free vulnerability in Foxit PDF Editor and Reader allows an attacker to execute arbitrary code or cause application crashes through malicious JavaScript in a PDF form.
Vulnerability Details
CVE-ID: CVE-2026-57256
Affected Software: Foxit PDF Editor and Foxit PDF Reader
Affected Versions: Foxit PDF Editor: 2026.1.1 and earlier, 14.0.4 and earlier, 13.2.4 and earlier, 14.0.3 and earlier; Foxit PDF Reader: 2026.1.1 and earlier
Vulnerability: This vulnerability (CWE-416) involves improper handling of list box objects during JavaScript execution, specifically when forms are reset. An attacker can leverage this memory corruption to gain unauthorized control over the application process.
Business Impact
With a CVSS score of 7.8, this flaw poses a significant risk to organizational assets. Exploitation can lead to the exfiltration of sensitive information contained within PDF documents or the compromise of the user's host machine, resulting in potential data breaches and loss of productivity.
Remediation Plan
Immediate Action: Apply the latest security patches released by Foxit for both PDF Editor and PDF Reader to address the list box handling flaw.
Proactive Monitoring: Review application crash logs for patterns involving PDF form interaction or JavaScript execution failures.
Compensating Controls: Restrict the opening of untrusted PDF files from unknown sources and enforce organizational policies that disable JavaScript in PDF viewers.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of July 8, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Security teams must treat this vulnerability with high priority due to the risk of code execution. Ensure all endpoints with Foxit software are updated to the latest secure version and verify that automatic updates are enabled.