CVE-2022-24359
📋 TL;DR
This vulnerability in Foxit PDF Reader allows remote attackers to execute arbitrary code by tricking users into opening malicious PDF files or visiting malicious web pages. The flaw exists in how Doc objects are handled without proper validation, enabling code execution in the current process context. Users of affected Foxit PDF Reader versions are at risk.
💻 Affected Systems
- Foxit PDF Reader
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise, with the attacker gaining full control of the affected system, followed by data theft, ransomware deployment, or lateral movement within the network.
Likely Case
Malware installation, credential theft, or system disruption through malicious PDF files delivered via phishing emails or compromised websites.
If Mitigated
Limited impact with proper application sandboxing, restricted user privileges, and network segmentation preventing lateral movement.
🎯 Exploit Status
Exploitation requires user interaction but is technically straightforward once malicious content is delivered. ZDI-CAN-15702 is the Zero Day Initiative case identifier for this issue, indicating it has already been analysed by security researchers.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 11.1.1 or later
Vendor Advisory: https://www.foxit.com/support/security-bulletins.html
Restart Required: Yes
Instructions:
1. Download the latest Foxit PDF Reader from the official website.
2. Run the installer.
3. Restart the system if prompted.
4. Verify that the version is 11.1.1 or higher.
🔧 Temporary Workarounds
Disable JavaScript in Foxit
Platform: Windows. Prevents JavaScript execution, which may be used in the exploitation chain.
Open Foxit Reader > File > Preferences > JavaScript > Uncheck 'Enable JavaScript'
Use Protected View
Platform: Windows. Opens PDFs in a restricted mode to limit the potential damage.
Open Foxit Reader > File > Preferences > Trust Manager > Check 'Enable Safe Reading Mode'
🧯 If You Can't Patch
- Restrict PDF file handling to alternative PDF readers that are patched
- Implement application whitelisting to block Foxit Reader execution
🔍 How to Verify
Check if Vulnerable:
Check Foxit Reader version: Open Foxit > Help > About Foxit Reader. If version is 11.1.0.52543 or earlier, system is vulnerable.
Check Version:
wmic product where name="Foxit Reader" get version
Verify Fix Applied:
Verify version is 11.1.1 or higher in Help > About Foxit Reader.
📡 Detection & Monitoring
Log Indicators:
- Process creation events for unexpected child processes from FoxitReader.exe
- Windows Event Logs showing application crashes from Foxit Reader
Network Indicators:
- Outbound connections from Foxit Reader process to suspicious IPs
- DNS requests for known malicious domains following PDF opening
SIEM Query:
process_name="FoxitReader.exe" AND (parent_process="explorer.exe" OR child_process_count>3)
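As an added example (not part of this advisory), the version check from "How to Verify" and the two log indicators above expressed as Python that a responder can run over exported process-creation events. Field names follow Sysmon Event ID 1 (ParentImage, Image, ParentProcessId), the child-process allowlist is a hypothetical assumption to tune per environment, and the sample events are constructed.

```python
import ntpath
from collections import Counter

# Versions at or above this are fixed per the advisory; anything lower is vulnerable.
PATCHED_VERSION = (11, 1, 1)

def parse_version(text):
    """'11.1.0.52543' -> (11, 1, 0, 52543); compare as integers, never as strings."""
    return tuple(int(part) for part in text.strip().split("."))

def is_vulnerable(version_text):
    # Pad with zeros so '11.1.1' compares equal to '11.1.1.0'.
    v = parse_version(version_text)
    width = max(len(v), len(PATCHED_VERSION))
    v += (0,) * (width - len(v))
    ref = PATCHED_VERSION + (0,) * (width - len(PATCHED_VERSION))
    return v < ref

# Hypothetical allowlist of children Foxit is expected to spawn; tune per environment.
EXPECTED_CHILDREN = {"foxitreader.exe"}
MAX_CHILDREN_PER_PARENT = 3  # mirrors the child_process_count>3 clause of the SIEM query

def flag_foxit_children(events):
    """Return (unexpected_children, noisy_parent_pids) from process-creation events."""
    unexpected = []
    per_parent = Counter()
    for ev in events:
        parent = ntpath.basename(ev["ParentImage"]).lower()
        if parent != "foxitreader.exe":
            continue  # only children of the reader are of interest here
        per_parent[ev["ParentProcessId"]] += 1
        child = ntpath.basename(ev["Image"]).lower()
        if child not in EXPECTED_CHILDREN:
            unexpected.append((ev["ParentProcessId"], child))
    noisy = sorted(pid for pid, n in per_parent.items() if n > MAX_CHILDREN_PER_PARENT)
    return unexpected, noisy

# Constructed sample events (Sysmon Event ID 1 fields, simplified), not real telemetry.
FOXIT = r"C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReader.exe"
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Windows\explorer.exe", "ParentProcessId": 100, "Image": FOXIT},
    {"ParentImage": FOXIT, "ParentProcessId": 4242, "Image": r"C:\Windows\System32\cmd.exe"},
    {"ParentImage": FOXIT, "ParentProcessId": 4242, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"ParentImage": FOXIT, "ParentProcessId": 4242, "Image": FOXIT},
    {"ParentImage": FOXIT, "ParentProcessId": 4242, "Image": r"C:\Users\Public\update.exe"},
    {"ParentImage": FOXIT, "ParentProcessId": 5000, "Image": FOXIT},
]
```

Running `flag_foxit_children(SAMPLE_EVENTS)` on the constructed events flags cmd.exe, powershell.exe and update.exe under parent PID 4242, and reports 4242 as the only parent exceeding the child-count threshold.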