CVE-2023-38107

7.8 HIGH

📋 TL;DR

This is a use-after-free vulnerability in Foxit PDF Reader's annotation handling that allows remote attackers to execute arbitrary code when a user opens a malicious PDF file. Attackers can gain control of the current process, potentially leading to full system compromise. All users of affected Foxit PDF Reader versions are at risk.

💻 Affected Systems

Products:
  • Foxit PDF Reader
Versions: Prior to 12.1.3
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: User interaction required - victim must open a malicious PDF file. All default configurations are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining the same privileges as the user running Foxit PDF Reader, potentially leading to data theft, ransomware deployment, or lateral movement within the network.

🟠 Likely Case

Malicious actor executes code with user privileges, potentially installing malware, stealing sensitive documents, or establishing persistence on the system.

🟢 If Mitigated

If proper controls like application sandboxing, least privilege, and network segmentation are in place, impact may be limited to the user's session without lateral movement.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

User interaction required (opening malicious PDF). The vulnerability is well-documented and was disclosed through ZDI, making weaponization likely.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 12.1.3 and later

Vendor Advisory: https://www.foxit.com/support/security-bulletins.html

Restart Required: Yes

Instructions:

1. Download Foxit PDF Reader 12.1.3 or later from the official Foxit website.
2. Run the installer.
3. Follow the installation prompts.
4. Restart the system if prompted.

🔧 Temporary Workarounds

Disable JavaScript in Foxit PDF Reader

windows

Disabling JavaScript may prevent exploitation as many PDF-based attacks rely on JavaScript execution.

Open Foxit PDF Reader > File > Preferences > JavaScript > Uncheck 'Enable JavaScript'

Use alternative PDF reader

all

Temporarily use a different PDF reader that is not affected by this vulnerability.

🧯 If You Can't Patch

  • Implement application whitelisting to block execution of unauthorized PDF files
  • Deploy network segmentation to limit lateral movement if exploitation occurs

🔍 How to Verify

Check if Vulnerable:

Check Foxit PDF Reader version: Open Foxit > Help > About Foxit Reader. If version is below 12.1.3, you are vulnerable.

Check Version:

wmic product where "name like 'Foxit%Reader%'" get name,version

Verify Fix Applied:

Verify version is 12.1.3 or higher in Help > About Foxit Reader.
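
The check above, as an added PowerShell example that is not from Foxit or from the original page: `wmic product` only lists Windows Installer (MSI) packages, so this reads the standard Windows uninstall registry keys instead and compares each entry against the fixed version 12.1.3. It assumes the installer registers a DisplayName containing "Foxit" and "Reader"; adjust the filter if your deployment uses a different name.

```powershell
# Added example: inventory Foxit reader installs from the uninstall registry keys
# and flag any version below the fixed release named on this page (12.1.3).
$FixedVersion = [version]'12.1.3'

# Standard per-machine (64-bit and 32-bit view) and per-user uninstall locations.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-FoxitReaderStatus {
    param([version]$Fixed = $FixedVersion)

    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        # Assumption: the product registers a DisplayName with "Foxit" and "Reader".
        Where-Object { $_.DisplayName -like '*Foxit*Reader*' } |
        ForEach-Object {
            $parsed = $null
            # DisplayVersion can be missing or malformed; report it rather than throw.
            $ok = [version]::TryParse([string]$_.DisplayVersion, [ref]$parsed)
            $status = if (-not $ok) { 'UNKNOWN' } elseif ($parsed -lt $Fixed) { 'VULNERABLE' } else { 'PATCHED' }

            [pscustomobject]@{
                Name       = $_.DisplayName
                Version    = $_.DisplayVersion
                Status     = $status
                InstallDir = $_.InstallLocation
            }
        }
}

$results = @(Get-FoxitReaderStatus)
if ($results.Count -eq 0) {
    Write-Output 'No Foxit reader installation found in the uninstall registry keys.'
} else {
    # A four-part build such as 12.1.3.x compares as greater than 12.1.3 and is PATCHED.
    $results | Format-Table -AutoSize
}
```

The per-user key only covers the account running the script, so run it in the context of each user (or from a management agent) when per-user installs are possible.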

📡 Detection & Monitoring

Log Indicators:

  • Unusual process creation from Foxit Reader
  • Multiple failed annotation operations in application logs
  • Unexpected network connections from Foxit process

Network Indicators:

  • Outbound connections from Foxit Reader to unknown IPs
  • DNS requests for suspicious domains from Foxit process

SIEM Query:

process_name:"FoxitReader.exe" AND (process_parent:!="explorer.exe" OR network_connection:*)
