CVE-2021-34966 – This is a use-after-free vulnerability in Foxit... (How to Fix)

Q: What is the severity of CVE-2021-34966?

CVE-2021-34966 has a CVSS score of 7.8 (HIGH). This is a use-after-free vulnerability in Foxit PDF Editor's handling of FileAttachment annotations that allows remote code execution. Attackers can exploit it by tricking users into opening malicious PDF files, potentially compromising affected systems. Users of vulnerable Foxit PDF Editor versions are at risk.

📋 TL;DR

This is a use-after-free vulnerability in Foxit PDF Editor's handling of FileAttachment annotations that allows remote code execution. Attackers can exploit it by tricking users into opening malicious PDF files, potentially compromising affected systems. Users of vulnerable Foxit PDF Editor versions are at risk.

💻 Affected Systems

Products:

Foxit PDF Editor

Versions: Versions prior to 11.1.0.52543

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: This affects the desktop PDF editor application, not Foxit Reader or other Foxit products unless specifically mentioned in vendor advisories.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with attacker gaining the same privileges as the current user, potentially leading to data theft, ransomware deployment, or lateral movement within the network.

🟠

Likely Case

Local privilege escalation or malware installation on the victim's machine, with potential for data exfiltration or persistence mechanisms.

🟢

If Mitigated

Limited impact due to sandboxing or application hardening, potentially resulting in application crash rather than code execution.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

User interaction required (opening malicious PDF). The vulnerability was discovered by Zero Day Initiative and has been publicly disclosed, increasing likelihood of exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 11.1.0.52543 and later

Vendor Advisory: https://www.foxit.com/support/security-bulletins.html

Restart Required: Yes

Instructions:

1. Download latest version from Foxit website. 2. Run installer. 3. Restart system if prompted. 4. Verify version is 11.1.0.52543 or higher.

🔧 Temporary Workarounds

Disable JavaScript in Foxit PDF Editor

windows

Prevents JavaScript-based exploitation vectors that might be used in conjunction with this vulnerability

Open Foxit PDF Editor > File > Preferences > JavaScript > Uncheck 'Enable JavaScript'

Use alternative PDF viewer

all

Temporarily use a different PDF application while patching

🧯 If You Can't Patch

Implement application whitelisting to prevent execution of unauthorized PDF files
Deploy network segmentation to limit lateral movement if exploitation occurs

🔍 How to Verify

Check if Vulnerable:

Check Foxit PDF Editor version in Help > About. If version is below 11.1.0.52543, system is vulnerable.

Check Version:

Not applicable - check via GUI in Help > About

Verify Fix Applied:

Verify version is 11.1.0.52543 or higher in Help > About dialog.

📡 Detection & Monitoring

Log Indicators:

Application crashes of Foxit PDF Editor
Unusual process creation from Foxit processes
Suspicious file access patterns

Network Indicators:

Unexpected outbound connections from Foxit processes
Downloads of PDF files from untrusted sources

SIEM Query:

Process creation where parent process contains 'foxit' AND (command line contains '.pdf' OR file path contains '.pdf')

📊 Metadata

CVE ID: CVE-2021-34966

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-416

Published: May 7, 2024

Last Updated: August 13, 2025

🔗 References

https://www.foxit.com/support/security-bulletins.html Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-21-1197/ Third Party Advisory
https://www.foxit.com/support/security-bulletins.html Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-21-1197/ Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-34966, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Pdf Editor by Foxit

Pdf Editor by Foxit

Pdf Editor by Foxit

Pdf Reader by Foxit

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Disable JavaScript in Foxit PDF Editor

Use alternative PDF viewer

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities