CVE-2022-37383

5.5 MEDIUM

📋 TL;DR

This vulnerability in Foxit PDF Reader allows remote attackers to read sensitive information from memory by exploiting a JavaScript flaw in Doc object handling. Users who open malicious PDF files or visit malicious web pages while using vulnerable versions are affected. The vulnerability can be combined with other exploits to potentially execute arbitrary code.

💻 Affected Systems

Products:
  • Foxit PDF Reader
Versions: 11.2.1.53537 and earlier versions
Operating Systems: Windows, macOS, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Requires JavaScript enabled in PDF Reader settings (default is enabled).

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise, data theft, or ransomware deployment.

🟠 Likely Case

Information disclosure of sensitive memory contents, potentially including credentials or other application data.

🟢 If Mitigated

Limited information leakage without code execution if JavaScript is disabled or other mitigations are applied.

🌐 Internet-Facing: MEDIUM - Requires user interaction (opening malicious file/website) but can be delivered via email or web.
🏢 Internal Only: MEDIUM - Similar risk internally if users open malicious documents from internal sources.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Requires user interaction to open malicious PDF. Part of ZDI-CAN-17111 with technical details available to researchers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 11.2.2 and later

Vendor Advisory: https://www.foxit.com/support/security-bulletins.html

Restart Required: Yes

Instructions:

1. Open Foxit PDF Reader.
2. Go to Help > Check for Updates.
3. Follow the prompts to install the latest version.
4. Restart the application after the update.

🔧 Temporary Workarounds

Disable JavaScript in Foxit Reader

Platforms: all

Prevents exploitation by disabling JavaScript execution in PDF files.

Open Foxit Reader > File > Preferences > JavaScript > Uncheck 'Enable JavaScript'

Use Protected View

Platforms: all

Opens untrusted PDFs in protected/sandboxed mode.

File > Preferences > General > Check 'Open cross-domain PDF files in Protected View'

🧯 If You Can't Patch

  • Disable JavaScript in Foxit Reader settings
  • Use alternative PDF reader for untrusted documents
  • Implement application whitelisting to block Foxit Reader execution
  • Educate users not to open PDFs from untrusted sources

🔍 How to Verify

Check if Vulnerable:

Check the Foxit Reader version under Help > About Foxit Reader. If the version is 11.2.1.53537 or earlier, the installation is vulnerable.

Check Version:

On Windows: wmic product where name="Foxit Reader" get version

Verify Fix Applied:

Verify version is 11.2.2 or later in Help > About Foxit Reader.
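The version check above, as an added example that is not part of this advisory: it parses the dotted version strings the Windows `wmic` command prints, compares each against the advisory's thresholds (builds up to 11.2.1.53537 affected, 11.2.2 and later fixed), and flags anything unparseable instead of silently treating it as patched. The sample `wmic` output is constructed, not captured from a real host.

```python
# Thresholds taken from the advisory text.
LAST_VULNERABLE = "11.2.1.53537"   # last affected build
FIRST_FIXED = "11.2.2"             # first release carrying the fix


def parse_version(text):
    """Turn a dotted version such as '11.2.1.53537' into a tuple of ints.
    Raises ValueError for anything that is not purely numeric components."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable(version):
    """True when the installed build predates the first fixed release.
    Tuple comparison handles differing lengths: (11,2,2,0) is not < (11,2,2)."""
    return parse_version(version) < parse_version(FIRST_FIXED)


def classify_wmic_output(output):
    """Parse what `wmic product where name="Foxit Reader" get version` prints
    (a 'Version' header followed by one value per installed instance) and
    return (version, status) pairs. Unparseable lines become 'unknown' so a
    malformed inventory line is never mistaken for a patched install."""
    results = []
    for line in output.splitlines():
        line = line.strip()
        if not line or line.lower() == "version":
            continue
        try:
            status = "VULNERABLE" if is_vulnerable(line) else "fixed"
        except ValueError:
            status = "unknown"
        results.append((line, status))
    return results


# Constructed sample of wmic output (hypothetical values, not real hosts).
SAMPLE_WMIC = """Version
11.2.1.53537
11.2.2.0
n/a
"""

if __name__ == "__main__":
    for version, status in classify_wmic_output(SAMPLE_WMIC):
        print(f"{version:<16} {status}")
```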

📡 Detection & Monitoring

Log Indicators:

  • Application crashes of Foxit Reader
  • Unusual JavaScript execution in PDF files
  • Memory access violations in application logs

Network Indicators:

  • Downloads of PDF files from suspicious sources
  • HTTP requests to known exploit domains

SIEM Query:

source="*foxit*" AND (event_type="crash" OR event_type="exception")

🔗 References