CVE-2021-31433

7.8 HIGH

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code by tricking users into opening malicious ARW image files in Foxit Studio Photo. It affects users of Foxit Studio Photo 3.6.6.931 who process untrusted ARW files. The flaw stems from improper validation during ARW file parsing, leading to memory corruption.

💻 Affected Systems

Products:
  • Foxit Studio Photo
Versions: 3.6.6.931
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects installations processing ARW (Sony RAW) image files. User interaction required (opening malicious file).

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining the same privileges as the current user, potentially leading to data theft, ransomware deployment, or lateral movement.

🟠 Likely Case

Local privilege escalation or malware installation on the affected workstation, with potential data exfiltration from the compromised system.

🟢 If Mitigated

Limited impact with proper application sandboxing and user privilege restrictions, potentially resulting in application crash only.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction but has low complexity once the malicious file is opened. The ZDI advisory suggests weaponization is likely.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to latest version (check vendor advisory)

Vendor Advisory: https://www.foxitsoftware.com/support/security-bulletins.html

Restart Required: Yes

Instructions:

1. Visit Foxit security bulletins page.
2. Download latest version of Foxit Studio Photo.
3. Install update.
4. Restart system.

🔧 Temporary Workarounds

Disable ARW file association

Platform: Windows

Remove Foxit Studio Photo as default handler for ARW files to prevent automatic exploitation

Control Panel > Default Programs > Set Associations > Find .ARW > Change to different application

User education and file filtering

Platform: All

Train users to avoid opening ARW files from untrusted sources and implement email/web filtering for ARW files

🧯 If You Can't Patch

  • Run application with restricted user privileges (non-admin account)
  • Implement application whitelisting to prevent unauthorized execution

🔍 How to Verify

Check if Vulnerable:

Check Help > About in Foxit Studio Photo for version 3.6.6.931

Check Version:

Not applicable - check via application GUI

Verify Fix Applied:

Verify version is updated beyond 3.6.6.931 in Help > About

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when opening ARW files
  • Unexpected process creation from Foxit Studio Photo

Network Indicators:

  • Downloads of ARW files from untrusted sources
  • Outbound connections after ARW file processing

SIEM Query:

Process Creation where Parent Process contains 'FoxitStudioPhoto.exe' AND Image not contains 'FoxitStudioPhoto.exe'
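
The two log indicators above (a crash while handling an ARW file, and a process spawned by Foxit Studio Photo) can be correlated per process as sketched below. This is an added example, not part of the original page or any vendor tooling; it assumes events have already been normalized into dicts with Sysmon-style field names (Event ID 1 for process creation, Event ID 1000 for an application crash), and the install path, PIDs, timestamps and 5-minute window are constructed.

```python
from datetime import datetime, timedelta
from ntpath import basename  # splits Windows paths on any OS

TARGET = "foxitstudiophoto.exe"  # image name from the page's SIEM query
WINDOW = timedelta(minutes=5)    # assumed correlation window
FOXIT = r"C:\Apps\FoxitStudioPhoto.exe"  # constructed install path
EXPLORER = r"C:\Windows\explorer.exe"

def _when(ev):
    return datetime.fromisoformat(ev["UtcTime"])

def detect(events):
    """Return (UtcTime, kind, image, after_arw_open) for each finding."""
    arw_opens, findings = {}, []  # arw_opens: Foxit PID -> time it opened an .arw
    for ev in sorted(events, key=_when):
        image = basename(ev.get("Image", "")).lower()
        parent = basename(ev.get("ParentImage", "")).lower()
        if ev["EventID"] == 1 and image == TARGET and parent != TARGET:
            # Ordinary launch: remember it only if an ARW file was passed in.
            if ".arw" in ev.get("CommandLine", "").lower():
                arw_opens[ev["ProcessId"]] = _when(ev)
            continue
        if ev["EventID"] == 1 and parent == TARGET:
            kind, pid = "child-process", ev["ParentProcessId"]
        elif ev["EventID"] == 1000 and image == TARGET:
            kind, pid = "crash", ev["ProcessId"]
        else:
            continue
        opened = arw_opens.get(pid)
        recent = opened is not None and _when(ev) - opened <= WINDOW
        findings.append((ev["UtcTime"], kind, ev["Image"], recent))
    return findings

# Constructed sample events (1 = process creation, 1000 = application crash).
SAMPLE_EVENTS = [
    {"EventID": 1, "UtcTime": "2021-05-10 10:00:00.000", "ProcessId": 4100,
     "Image": FOXIT, "CommandLine": FOXIT + r" C:\Users\u\Downloads\a.arw",
     "ParentProcessId": 900, "ParentImage": EXPLORER},
    {"EventID": 1, "UtcTime": "2021-05-10 10:00:20.000", "ProcessId": 5200,
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe",
     "ParentProcessId": 4100, "ParentImage": FOXIT},
    {"EventID": 1000, "UtcTime": "2021-05-10 10:00:25.000", "ProcessId": 4100,
     "Image": FOXIT},
    {"EventID": 1, "UtcTime": "2021-05-10 11:00:00.000", "ProcessId": 6000,
     "Image": FOXIT, "CommandLine": FOXIT + r" C:\Users\u\Pictures\b.jpg",
     "ParentProcessId": 900, "ParentImage": EXPLORER},
    {"EventID": 1000, "UtcTime": "2021-05-10 11:00:05.000", "ProcessId": 6000,
     "Image": FOXIT},
]
```

`detect(SAMPLE_EVENTS)` yields three findings; the last flag in each tuple separates events that follow an ARW open in the same process from those that do not, which is the part worth prioritizing in triage.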
