CVE-2026-12057

Foxit · Foxit AI

A sandbox bypass vulnerability in Foxit AI allows remote code execution when processing malicious PDF files containing embedded JavaScript.

Executive summary

Foxit AI contains a high-severity (CVSS 8.6) remote code execution vulnerability: a malicious PDF can escape the reader's JavaScript sandbox and run attacker-controlled code on the victim's machine.

Vulnerability

The vulnerability exists because the application fails to intercept dangerous interfaces when it executes JavaScript embedded in a PDF. Script that should be confined to the sandbox can therefore load and run remote script, resulting in arbitrary code execution with the privileges of the user running the application. The only user interaction required is opening the crafted document.
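Because the attack vector is embedded JavaScript, a first line of triage is to flag PDFs that carry script at all, and especially script wired to fire on open. The scanner below is an added example written for this page, not Foxit code or a detection signature from the bulletin. It counts the PDF name keys associated with active content (/JavaScript, /JS, /OpenAction, /AA, /Launch, /URI, /EmbeddedFile, /ObjStm), decodes the #xx hex escapes that attackers use to hide those names from naive string matching, and returns an allow/review/block verdict. The three PDF fixtures are constructed inline for the demonstration and contain no exploit.

```python
import re

# Constructed fixtures (not real exploit files): a minimal PDF whose catalog
# carries an /OpenAction that runs embedded JavaScript as soon as it opens,
# the same document with hex-escaped names to dodge naive string matching,
# and a benign PDF with no active content.
JS_PDF = b"""%PDF-1.7
1 0 obj
<< /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >>
endobj
2 0 obj
<< /Type /Pages /Kids [3 0 R] /Count 1 >>
endobj
3 0 obj
<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >>
endobj
4 0 obj
<< /S /JavaScript /JS (app.alert('constructed sample');) >>
endobj
trailer
<< /Root 1 0 R >>
%%EOF
"""
OBFUSCATED_PDF = JS_PDF.replace(b"/JavaScript", b"/J#61vaScript").replace(b"/JS ", b"/J#53 ")
BENIGN_PDF = b"""%PDF-1.7
1 0 obj
<< /Type /Catalog /Pages 2 0 R >>
endobj
2 0 obj
<< /Type /Pages /Kids [3 0 R] /Count 1 >>
endobj
3 0 obj
<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >>
endobj
trailer
<< /Root 1 0 R >>
%%EOF
"""

# PDF name objects may hex-escape any byte as #xx (/J#61vaScript == /JavaScript).
NAME_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")

# Keys that indicate active or auto-triggered content. /ObjStm is counted
# because keys hidden inside compressed object streams are invisible to a
# raw-byte scan and call for a deeper parse.
ACTIVE_KEYS = ("JavaScript", "JS", "OpenAction", "AA", "Launch", "URI", "EmbeddedFile", "ObjStm")


def normalize_names(data: bytes) -> bytes:
    """Decode #xx escapes so keyword matching sees canonical name spellings."""
    return NAME_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def count_keys(data: bytes) -> dict:
    """Count occurrences of each active-content key as a whole PDF name."""
    norm = normalize_names(data)
    counts = {}
    for key in ACTIVE_KEYS:
        # A name ends at whitespace or a delimiter, so /JS does not match /JSX.
        pat = re.compile(rb"/" + key.encode() + rb"(?=[\s/\[\]<>(){}%]|$)")
        counts[key] = len(pat.findall(norm))
    return counts


def triage(data: bytes) -> dict:
    """Classify a PDF as allow / review / block from its active-content keys."""
    counts = count_keys(data)
    has_js = counts["JavaScript"] > 0 or counts["JS"] > 0
    auto_run = counts["OpenAction"] > 0 or counts["AA"] > 0
    # Heuristic: escaped names are rare in clean files and common in evasive ones.
    obfuscated = NAME_ESCAPE.search(data) is not None
    if has_js and auto_run:
        verdict = "block"   # script that fires on open: exactly this advisory's vector
    elif has_js or counts["Launch"] > 0 or obfuscated:
        verdict = "review"
    else:
        verdict = "allow"
    return {"verdict": verdict, "counts": counts, "obfuscated_names": obfuscated}


def triage_file(path: str) -> dict:
    """Convenience wrapper for scanning a file on disk."""
    with open(path, "rb") as fh:
        return triage(fh.read())


if __name__ == "__main__":
    for label, blob in (("js", JS_PDF), ("obfuscated", OBFUSCATED_PDF), ("benign", BENIGN_PDF)):
        print(label, triage(blob))
```

The scan works on raw bytes, so script stored inside a FlateDecode-compressed object stream will not be seen; that is why /ObjStm is counted, and a file that shows object streams but no other keys deserves a full parse (inflating the streams) before it is allowed through. At a mail gateway the practical policy is to quarantine "block" verdicts and route "review" verdicts to a sandbox.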

Business impact

With a CVSS base score of 8.6 (High), this vulnerability poses a major risk. An attacker could exploit it by enticing a user to open a specially crafted PDF document, gaining code execution that compromises the user's workstation and provides a foothold within the corporate network.

Remediation

Immediate Action: Update Foxit AI to the fixed version named in the Foxit security bulletin, and verify the installed version on each endpoint after deployment.

Proactive Monitoring: Alert on child processes spawned by the PDF reader process, especially script interpreters and other living-off-the-land binaries, and on unexpected outbound connections from the reader, since the flaw lets embedded script pull in remote script. Configure endpoint protection to block script execution spawned by document readers.

Compensating Controls: Disable JavaScript execution within PDF readers via group policy or application settings to prevent exploitation of this and similar vulnerabilities. Expect some interactive forms to lose functionality, so test the setting against affected business workflows before rolling it out fleet-wide.
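The monitoring guidance above translates into two rules: a document reader launching a script interpreter or other living-off-the-land binary, and a document reader opening a connection to a non-internal address. The script below is an added example for this page, not Foxit tooling or a vendor-supplied detection. It evaluates Sysmon-style process-create (EventID 1) and network-connect (EventID 3) events supplied as JSON lines; the events are constructed for the demonstration, and "pdfreader.exe" is a placeholder executable name, not Foxit AI's actual binary.

```python
import ipaddress
import json
from pathlib import PureWindowsPath

# Assumed executable name for the reader; "pdfreader.exe" is a placeholder.
# Substitute what your telemetry reports for Foxit AI.
READER_IMAGES = {"pdfreader.exe"}

# Script interpreters and living-off-the-land binaries that a document
# reader has no business launching.
LOLBINS = {
    "cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
    "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe",
    "bitsadmin.exe", "curl.exe", "msiexec.exe",
}

# Address ranges treated as internal; extend with your own corporate ranges.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)]

# Constructed Sysmon-style events as JSON lines (EventID 1 = process create,
# EventID 3 = network connect). These are made up for the example.
SAMPLE_EVENTS = [
    r'{"EventID": 1, "ParentImage": "C:\\Windows\\explorer.exe", "Image": "C:\\Program Files\\PDFReader\\pdfreader.exe", "CommandLine": "pdfreader.exe invoice.pdf"}',
    r'{"EventID": 1, "ParentImage": "C:\\Program Files\\PDFReader\\pdfreader.exe", "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "CommandLine": "powershell.exe -nop -w hidden -enc AAAA"}',
    r'{"EventID": 3, "Image": "C:\\Program Files\\PDFReader\\pdfreader.exe", "DestinationIp": "10.0.0.5", "DestinationPort": 445}',
    r'{"EventID": 3, "Image": "C:\\Program Files\\PDFReader\\pdfreader.exe", "DestinationIp": "203.0.113.10", "DestinationPort": 443}',
    r'{"EventID": 1, "ParentImage": "C:\\Program Files\\PDFReader\\pdfreader.exe", "Image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe", "CommandLine": "firefox.exe https://example.com"}',
]


def basename(path: str) -> str:
    """Lower-cased file name from a Windows path, regardless of host OS."""
    return PureWindowsPath(path).name.lower()


def is_internal(ip: str) -> bool:
    """True if the address falls in one of the configured internal ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def evaluate(event: dict, reader_images=READER_IMAGES):
    """Return (severity, reason) for one event, or None if it is not of interest."""
    eid = event.get("EventID")
    if eid == 1:
        parent = basename(event.get("ParentImage", ""))
        child = basename(event.get("Image", ""))
        if parent in reader_images:
            if child in LOLBINS:
                return ("high", f"{parent} spawned {child}: {event.get('CommandLine', '')}")
            # Readers do launch a few legitimate children (e.g. a browser for a
            # clicked link); keep these at low severity and allowlist as needed.
            return ("low", f"{parent} spawned unlisted child {child}")
    elif eid == 3:
        image = basename(event.get("Image", ""))
        dst = event.get("DestinationIp", "")
        if image in reader_images and dst and not is_internal(dst):
            # Egress from the reader is how remote script would be fetched;
            # allowlist the vendor's update endpoints to cut noise.
            return ("medium", f"{image} connected out to {dst}:{event.get('DestinationPort')}")
    return None


def scan(lines):
    """Run every JSON-line event through evaluate() and collect the alerts."""
    alerts = []
    for line in lines:
        line = line.strip()
        if line:
            hit = evaluate(json.loads(line))
            if hit:
                alerts.append(hit)
    return alerts


if __name__ == "__main__":
    for severity, reason in scan(SAMPLE_EVENTS):
        print(f"[{severity}] {reason}")
```

Run against the constructed events it raises three alerts: high for the reader spawning powershell.exe, medium for the outbound connection to 203.0.113.10, and low for the unlisted firefox.exe child; the reader's own launch from explorer.exe and its SMB connection to an internal host are ignored. In production the same two rules map directly onto an EDR child-process block policy and a SIEM correlation search.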

Exploitation status

Public Exploit Available: false

Analyst recommendation

Remote code execution vulnerabilities in document readers are highly effective attack vectors because opening a document is routine user behaviour. Organizations should deploy the latest patches immediately and consider disabling PDF JavaScript execution as a standing hardening measure rather than a one-off workaround.