A high-severity vulnerability has been discovered in multiple Foxit software products, which could allow an attacker to execute malicious code on a user's computer. Exploitation requires an unsuspecting user to open a specially crafted PDF file, potentially leading to a full system compromise, data theft, or the installation of malware like ransomware.

This vulnerability is a Use-After-Free (UAF) error that occurs when the application parses malformed embedded JavaScript within a PDF document. An attacker can create a malicious PDF file that, when opened, triggers this memory corruption flaw. This allows the attacker to execute arbitrary code on the target system with the same privileges as the logged-in user.

This vulnerability is rated as High severity with a CVSS score of 7.5 and poses a significant risk to the organization. A successful exploit could lead to a complete compromise of the affected workstation, enabling an attacker to install malware, steal sensitive data (such as credentials or corporate documents), or pivot to other systems within the network. The potential consequences include data breaches, financial loss from ransomware, operational disruption, and significant reputational damage.

Immediate Action: Apply the security updates provided by the vendor to all affected versions of Foxit PDF Editor and Reader immediately. Prioritize patching systems that handle documents from untrusted external sources. After patching, monitor for any signs of exploitation and review access logs for anomalous activity predating the update.

Proactive Monitoring: Enhance security monitoring to detect potential exploitation attempts. Look for unusual process behavior, such as Foxit applications spawning command shells (cmd.exe, powershell.exe) or making unexpected network connections. Endpoint Detection and Response (EDR) solutions should be configured to alert on memory corruption exploits or suspicious child process creation.

Compensating Controls: If patching cannot be immediately deployed, implement compensating controls to reduce risk. Disable JavaScript execution within the PDF reader's security settings, as this is the primary attack vector. Ensure email security gateways and web filters are configured to scan and block malicious PDF files.

Public Exploit Available: false

Given the high severity of this vulnerability and its potential for arbitrary code execution via a common file type, organizations must act swiftly. We strongly recommend prioritizing the immediate deployment of the vendor's security updates across all affected systems. Although this CVE is not yet on the CISA KEV list, its potential impact makes proactive patching the most critical and effective measure to prevent future compromise.