CVE-2022-37386 – This vulnerability in Foxit PDF Reader allows r... (How to Fix)

Q: What is the severity of CVE-2022-37386?

CVE-2022-37386 has a CVSS score of 5.5 (MEDIUM). This vulnerability in Foxit PDF Reader allows remote attackers to read sensitive information from memory by exploiting an out-of-bounds read in the resetForm method. Attackers can combine this with other vulnerabilities to potentially execute arbitrary code. Users of Foxit PDF Reader 11.2.2.53575 who open malicious PDF files or visit malicious web pages are affected.

📋 TL;DR

This vulnerability in Foxit PDF Reader allows remote attackers to read sensitive information from memory by exploiting an out-of-bounds read in the resetForm method. Attackers can combine this with other vulnerabilities to potentially execute arbitrary code. Users of Foxit PDF Reader 11.2.2.53575 who open malicious PDF files or visit malicious web pages are affected.

💻 Affected Systems

Products:

Foxit PDF Reader

Versions: 11.2.2.53575 and potentially earlier versions

Operating Systems: Windows, macOS, Linux

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability exists in the JavaScript engine's resetForm method. All installations with vulnerable versions are affected regardless of configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, data theft, and lateral movement within the network.

🟠

Likely Case

Information disclosure of sensitive memory contents, potentially exposing credentials or other confidential data.

🟢

If Mitigated

Limited impact with proper application sandboxing and memory protection controls in place.

🌐 Internet-Facing: MEDIUM - Requires user interaction (opening malicious file) but can be delivered via web pages or email attachments.

🏢 Internal Only: MEDIUM - Similar risk profile internally, though attack vectors may be more limited.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Requires user interaction (opening malicious file) and may need to be chained with other vulnerabilities for full code execution. ZDI-CAN-17550 indicates professional vulnerability research.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 11.2.3 or later

Vendor Advisory: https://www.foxit.com/support/security-bulletins.html

Restart Required: Yes

Instructions:

1. Open Foxit PDF Reader. 2. Go to Help > Check for Updates. 3. Follow prompts to install latest version. 4. Restart the application.

🔧 Temporary Workarounds

Disable JavaScript in Foxit Reader

all

Prevents exploitation by disabling JavaScript execution in PDF files

File > Preferences > Security > Uncheck 'Enable JavaScript'

Use Protected View

windows

Open untrusted PDFs in protected/sandboxed mode

File > Preferences > General > Check 'Open documents in Protected View'

🧯 If You Can't Patch

Use alternative PDF readers that are not vulnerable
Implement application whitelisting to block Foxit Reader execution

🔍 How to Verify

Check if Vulnerable:

Check Help > About Foxit Reader for version number. If version is 11.2.2.53575 or earlier, system is vulnerable.

Check Version:

On Windows: wmic product where name="Foxit Reader" get version

Verify Fix Applied:

Verify version is 11.2.3 or later in Help > About Foxit Reader.

📡 Detection & Monitoring

Log Indicators:

Application crashes in Foxit Reader
Unusual JavaScript execution errors
Memory access violation events

Network Indicators:

Downloads of PDF files from suspicious sources
HTTP requests to known exploit hosting domains

SIEM Query:

source="*foxit*" AND (event_id=1000 OR event_id=1001) AND message="*access violation*"

📊 Metadata

CVE ID: CVE-2022-37386

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE: CWE-125

Published: March 29, 2023

Last Updated: November 21, 2024

🔗 References

https://www.foxit.com/support/security-bulletins.html Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-22-1058/ Third Party Advisory,VDB Entry
https://www.foxit.com/support/security-bulletins.html Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-22-1058/ Third Party Advisory,VDB Entry

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-37386, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Pdf Editor by Foxit

Pdf Editor by Foxit

Pdf Editor by Foxit

Pdf Reader by Foxit

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Disable JavaScript in Foxit Reader

Use Protected View

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities