A high-severity vulnerability has been discovered in certain versions of Foxit PDF Reader and Editor software used on both Windows and macOS platforms. This flaw could allow an attacker to execute malicious code on a user's computer by tricking them into opening a specially crafted PDF file. Successful exploitation could lead to a full system compromise, data theft, or the installation of malware.

This vulnerability is a Use-After-Free (UAF) condition within the JavaScript engine used by the Foxit software. An attacker can create a malicious PDF document containing specially crafted JavaScript that, when processed by the application, triggers the UAF flaw. This memory corruption can be leveraged by the attacker to achieve arbitrary code execution in the context of the logged-in user, granting them control over the affected system. Exploitation requires user interaction, as the target must be persuaded to open the malicious PDF file.

This vulnerability presents a high risk to the organization, as indicated by its CVSS score of 7.8. A successful attack could lead to a complete compromise of an employee's workstation, enabling an attacker to exfiltrate sensitive corporate data, deploy ransomware, install spyware to capture credentials, or use the compromised machine as a beachhead to move laterally across the internal network. Given the ubiquitous use of PDF documents in business operations, the attack surface is large, and employees are likely to encounter malicious files via targeted phishing campaigns.

Immediate Action: The primary remediation is to apply the security updates provided by the vendor. System administrators must update all installations of Foxit PDF Reader and Editor to version 13.0 or later across all endpoints immediately. Following the update, security teams should monitor for any signs of post-patch exploitation attempts and review system and application logs for indicators of compromise.

Proactive Monitoring: Security operations teams should monitor for suspicious activity related to Foxit applications. Key indicators to watch for include Foxit processes spawning unexpected child processes (e.g., cmd.exe, powershell.exe), unusual outbound network traffic from the Foxit application, and alerts from Endpoint Detection and Response (EDR) tools related to memory exploitation or anomalous process behavior.

Compensating Controls: If patching cannot be deployed immediately, the following controls can help mitigate risk:

• Disable JavaScript: In the Foxit application's preferences, disable JavaScript execution to block the primary attack vector.
• Email and Web Filtering: Configure security gateways to scan, quarantine, or block PDF attachments from untrusted or external sources.
• User Training: Advise users not to open PDF documents from unknown or unsolicited sources.
• Application Hardening: Use application control policies to restrict Foxit applications from executing commands or writing to sensitive system locations.

Public Exploit Available: false

Given the high severity (CVSS 7.8) of this vulnerability and the significant risk of remote code execution, immediate patching is strongly recommended. The widespread use of PDF documents makes this an attractive target for attackers, and organizations should prioritize the deployment of vendor-supplied updates to all affected systems. Although not yet known to be exploited in the wild, the potential for future exploitation is high, and proactive remediation is critical to prevent a potential security breach.