CVE-2024-30341

7.8 HIGH

📋 TL;DR

This vulnerability in Foxit PDF Reader allows remote attackers to execute arbitrary code by tricking users into opening malicious PDF files. The flaw exists in how Doc objects are handled, enabling out-of-bounds reads that can lead to remote code execution. All users running vulnerable versions of Foxit PDF Reader are affected.

💻 Affected Systems

Products:
  • Foxit PDF Reader
Versions: Prior to 2024.1.0.23997
Operating Systems: Windows, macOS, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations of affected versions are vulnerable. No special configuration required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise via remote code execution with current user privileges, potentially leading to data theft, ransomware deployment, or lateral movement.

🟠 Likely Case

Malicious actors deliver weaponized PDFs via phishing campaigns to execute malware, steal credentials, or establish persistence on victim systems.

🟢 If Mitigated

With proper patching and security controls, exploitation attempts would be blocked, though users might still receive malicious files.

🌐 Internet-Facing: HIGH - Attackers can host malicious PDFs on websites or distribute via email, requiring only user interaction to trigger.
🏢 Internal Only: MEDIUM - Internal users could be targeted via internal phishing or shared malicious documents, but this requires initial access to internal networks.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction (opening malicious PDF) but no authentication. ZDI has confirmed the vulnerability exists and exploitation is likely given the nature of PDF reader attacks.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2024.1.0.23997 or later

Vendor Advisory: https://www.foxit.com/support/security-bulletins.html

Restart Required: Yes

Instructions:

1. Open Foxit PDF Reader.
2. Go to Help > Check for Updates.
3. Follow prompts to install latest version.
4. Restart computer after installation.

🔧 Temporary Workarounds

Disable JavaScript in Foxit Reader

all

Disabling JavaScript may prevent some exploitation vectors, though it is not guaranteed to block all attack methods.

Open Foxit Reader > File > Preferences > JavaScript > Uncheck 'Enable JavaScript'

Use Protected View

all

Enable Protected View for untrusted documents to restrict execution capabilities.

Open Foxit Reader > File > Preferences > Trust Manager > Check 'Enable Safe Reading Mode'

🧯 If You Can't Patch

  • Temporarily switch to alternative PDF readers like Adobe Acrobat Reader or browser-based PDF viewers
  • Implement application whitelisting to block Foxit Reader execution until patched

🔍 How to Verify

Check if Vulnerable:

Open Foxit Reader, go to Help > About Foxit Reader, check if version is below 2024.1.0.23997

Check Version:

On Windows: wmic product where name="Foxit Reader" get version

Verify Fix Applied:

Verify version is 2024.1.0.23997 or higher in Help > About Foxit Reader
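The version check above, scripted for Windows hosts so it can be run across a fleet (an added example, not part of the original advisory or any Foxit tooling). It reads the standard Uninstall registry keys instead of calling wmic; the display-name pattern 'Foxit*Reader*' is an assumption, and the fixed build number is the one stated on this page.

```powershell
# Added example: find Foxit Reader installs and compare them to the fixed build.
# Assumption: the product registers a DisplayName matching 'Foxit*Reader*'
# under the standard Windows Uninstall registry keys.
$FixedVersion = [version]'2024.1.0.23997'   # fixed build stated in this advisory
$NamePattern  = 'Foxit*Reader*'             # assumed display-name pattern

$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-FoxitReaderStatus {
    # Entries without a DisplayName simply fail the -like test and are skipped.
    $entries = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like $NamePattern }

    foreach ($entry in $entries) {
        $parsed = $null
        # DisplayVersion can be missing or non-numeric; report UNKNOWN rather than guess.
        $ok = [version]::TryParse([string]$entry.DisplayVersion, [ref]$parsed)
        $status = 'UNKNOWN'
        if ($ok) {
            $status = if ($parsed -lt $FixedVersion) { 'VULNERABLE' } else { 'PATCHED' }
        }
        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Name     = $entry.DisplayName
            Version  = $entry.DisplayVersion
            Status   = $status
        }
    }
}

$results = @(Get-FoxitReaderStatus)
if ($results.Count -eq 0) {
    Write-Output "No Foxit Reader installation found on $env:COMPUTERNAME"
} else {
    $results | Format-Table -AutoSize
}

# A non-zero exit code lets a deployment tool flag hosts that still need the update.
if ($results.Status -contains 'VULNERABLE') { exit 1 }
```

A version string with fewer than four parts (for example `2024.1.0`) compares as lower than the fixed build and is reported as VULNERABLE, which errs on the side of re-checking the host.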

📡 Detection & Monitoring

Log Indicators:

  • Foxit Reader crash logs with memory access violations
  • Unexpected child processes spawned from Foxit Reader

Network Indicators:

  • Outbound connections from Foxit Reader to suspicious IPs
  • DNS requests for known malicious domains after PDF opening

SIEM Query:

(process_name:"FoxitReader.exe" AND (event_id:1000 OR event_id:1001)) OR (parent_process:"FoxitReader.exe" AND process_creation)
