CVE-2024-30345

7.8 HIGH

📋 TL;DR

This CVE describes a use-after-free vulnerability in Foxit PDF Reader's AcroForm handling that allows remote code execution. Attackers can exploit it by tricking users into opening malicious PDF files, potentially compromising their systems. All users running vulnerable versions of Foxit PDF Reader are affected.

💻 Affected Systems

Products:
  • Foxit PDF Reader
Versions: Specific versions not detailed in provided references; check Foxit security bulletins for exact affected versions
Operating Systems: Windows, macOS, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations of affected Foxit PDF Reader versions are vulnerable. User interaction required (opening malicious PDF).

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining full control of the victim's machine, enabling data theft, ransomware deployment, or lateral movement within the network.

🟠 Likely Case

Local privilege escalation leading to malware installation, credential theft, or system disruption for the affected user account.

🟢 If Mitigated

Limited impact with proper sandboxing and application hardening, potentially resulting only in application crash or denial of service.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires user interaction but no authentication. ZDI has confirmed the vulnerability (ZDI-CAN-22742), suggesting exploit development is feasible.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Foxit security bulletins for specific patched version

Vendor Advisory: https://www.foxit.com/support/security-bulletins.html

Restart Required: Yes

Instructions:

1. Visit the Foxit security bulletins page
2. Identify the latest patched version for your product
3. Download and install the update
4. Restart the application and system if prompted

🔧 Temporary Workarounds

Disable JavaScript in Foxit PDF Reader

all

Prevents exploitation vectors that rely on JavaScript execution in PDFs

Open Foxit PDF Reader > File > Preferences > Security > Uncheck 'Enable JavaScript'

Use alternative PDF viewer

all

Temporarily switch to a different PDF reader until Foxit is patched

🧯 If You Can't Patch

  • Restrict PDF file opening to trusted sources only using application control policies
  • Implement network segmentation to limit lateral movement if exploitation occurs

🔍 How to Verify

Check if Vulnerable:

Check Foxit PDF Reader version against the affected versions listed in Foxit's security bulletins

Check Version:

Open Foxit PDF Reader > Help > About Foxit Reader

Verify Fix Applied:

Verify installed version matches or exceeds the patched version specified in Foxit's advisory

📡 Detection & Monitoring

Log Indicators:

  • Unexpected Foxit PDF Reader crashes
  • Suspicious child processes spawned from Foxit
  • Unusual network connections originating from Foxit process

Network Indicators:

  • Outbound connections to unknown IPs after PDF opening
  • DNS requests to suspicious domains from Foxit process

SIEM Query:

(Process creation where parent_process_name contains 'FoxitReader.exe' AND process_name not in ['AcroRd32.exe', 'FoxitPhantomPDF.exe']) OR (Network connection where process_name contains 'FoxitReader.exe' AND dest_ip not in trusted_ranges)
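
The query's two conditions applied to a few events, as an added example that is not part of the original advisory or any vendor tooling. The `event_type` field, the trusted ranges and the sample events are assumptions constructed for illustration; the other field names and the child-process allowlist come from the query.

```python
import ipaddress

# Allowlist and field names come from the SIEM query; "event_type" and the
# trusted ranges below are assumptions made for this example.
ALLOWED_CHILDREN = {"acrord32.exe", "foxitphantompdf.exe"}
TRUSTED_RANGES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]
READER = "foxitreader.exe"


def is_trusted(dest_ip):
    """True only if dest_ip parses and falls inside a trusted range."""
    try:
        addr = ipaddress.ip_address(dest_ip)
    except ValueError:
        return False  # an unparseable destination is treated as untrusted
    return any(addr in net for net in TRUSTED_RANGES)


def match(event):
    """Return the reason an event matches the query, or None."""
    kind = event.get("event_type")
    # Windows image names are case-insensitive, so compare in lower case.
    proc = event.get("process_name", "").lower()
    if kind == "process_creation":
        parent = event.get("parent_process_name", "").lower()
        child = proc.rsplit("\\", 1)[-1]  # tolerate a full image path
        if READER in parent and child not in ALLOWED_CHILDREN:
            return "unexpected child process"
    elif kind == "network_connection":
        if READER in proc and not is_trusted(event.get("dest_ip", "")):
            return "connection outside trusted ranges"
    return None


def alerts(events):
    """Return (index, reason) for every event that matches."""
    return [(i, r) for i, e in enumerate(events) if (r := match(e))]


# Constructed sample events, not real telemetry (203.0.113.0/24 is a documentation range).
SAMPLE_EVENTS = [
    {"event_type": "process_creation", "parent_process_name": "FoxitReader.exe", "process_name": "cmd.exe"},
    {"event_type": "process_creation", "parent_process_name": "FoxitReader.exe", "process_name": "FoxitPhantomPDF.exe"},
    {"event_type": "process_creation", "parent_process_name": "explorer.exe", "process_name": "FoxitReader.exe"},
    {"event_type": "network_connection", "process_name": "FOXITREADER.EXE", "dest_ip": "203.0.113.10"},
    {"event_type": "network_connection", "process_name": "FoxitReader.exe", "dest_ip": "10.1.2.3"},
    {"event_type": "network_connection", "process_name": "chrome.exe", "dest_ip": "203.0.113.10"},
]

if __name__ == "__main__":
    for idx, reason in alerts(SAMPLE_EVENTS):
        print(idx, reason)
```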
