CVE-2021-34962 – This is a use-after-free vulnerability in Foxit... (How to Fix)

Q: What is the severity of CVE-2021-34962?

CVE-2021-34962 has a CVSS score of 7.8 (HIGH). This is a use-after-free vulnerability in Foxit PDF Editor's handling of Caret Annotation objects that allows remote code execution. Attackers can exploit it by tricking users into opening malicious PDF files, potentially compromising affected systems. Users of vulnerable Foxit PDF Editor versions are at risk.

📋 TL;DR

This is a use-after-free vulnerability in Foxit PDF Editor's handling of Caret Annotation objects that allows remote code execution. Attackers can exploit it by tricking users into opening malicious PDF files, potentially compromising affected systems. Users of vulnerable Foxit PDF Editor versions are at risk.

💻 Affected Systems

Products:

Foxit PDF Editor

Versions: Versions prior to 11.1.0.52543

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Foxit Reader may also be affected but the advisory specifically mentions Foxit PDF Editor. User interaction required (opening malicious PDF).

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with attacker gaining the same privileges as the current user, potentially leading to data theft, ransomware deployment, or lateral movement within the network.

🟠

Likely Case

Local privilege escalation or arbitrary code execution in the context of the current user, allowing file access, credential theft, and persistence mechanisms.

🟢

If Mitigated

Limited impact due to sandboxing, application whitelisting, or restricted user privileges preventing full system compromise.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires user interaction (opening malicious PDF) but the vulnerability is well-documented and similar use-after-free vulnerabilities are commonly weaponized.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 11.1.0.52543 and later

Vendor Advisory: https://www.foxit.com/support/security-bulletins.html

Restart Required: Yes

Instructions:

1. Download latest version from Foxit website. 2. Run installer. 3. Restart system. 4. Verify version is 11.1.0.52543 or higher.

🔧 Temporary Workarounds

Disable PDF handling in Foxit

windows

Change default PDF handler to alternative application

Control Panel > Default Programs > Set Default Programs > Choose alternative PDF reader

Application Control Policy

windows

Restrict execution of Foxit PDF Editor via application whitelisting

🧯 If You Can't Patch

Implement application sandboxing to limit potential damage from exploitation
Use endpoint detection and response (EDR) to monitor for suspicious PDF-related process activity

🔍 How to Verify

Check if Vulnerable:

Open Foxit PDF Editor, go to Help > About and check version number

Check Version:

Not applicable - check via GUI in Help > About

Verify Fix Applied:

Confirm version is 11.1.0.52543 or higher in Help > About

📡 Detection & Monitoring

Log Indicators:

Unusual process creation from FoxitPDFEditor.exe
Memory access violations in application logs
Multiple PDF file openings from untrusted sources

Network Indicators:

Downloads of PDF files from suspicious domains
Outbound connections from Foxit processes to unknown IPs

SIEM Query:

Process Creation where Image contains 'FoxitPDFEditor' AND ParentImage contains 'explorer' AND CommandLine contains '.pdf'

📊 Metadata

CVE ID: CVE-2021-34962

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-416

Published: May 7, 2024

Last Updated: August 13, 2025

🔗 References

https://www.foxit.com/support/security-bulletins.html Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-21-1193/ Third Party Advisory
https://www.foxit.com/support/security-bulletins.html Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-21-1193/ Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-34962, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Pdf Editor by Foxit

Pdf Editor by Foxit

Pdf Editor by Foxit

Pdf Reader by Foxit

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Disable PDF handling in Foxit

Application Control Policy

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities