CVE-2024-30353

7.8 HIGH

📋 TL;DR

This vulnerability in Foxit PDF Reader allows remote attackers to execute arbitrary code by tricking users into opening malicious PDF files. The flaw exists in how AcroForms handle Doc objects, enabling out-of-bounds reads that can lead to remote code execution. All users running vulnerable versions of Foxit PDF Reader are affected.

💻 Affected Systems

Products:
  • Foxit PDF Reader
Versions: Prior to 2024.1
Operating Systems: Windows, macOS, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations are vulnerable. Exploitation requires the user to open a malicious PDF.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise, with the attacker gaining the same privileges as the current user, potentially leading to data theft, ransomware deployment, or lateral movement.

🟠 Likely Case

Malicious code execution in the context of the PDF Reader process, allowing file system access, credential harvesting, and further malware installation.

🟢 If Mitigated

Limited impact with proper sandboxing and application hardening, potentially containing the exploit to the PDF Reader process only.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction but is straightforward once a malicious PDF is opened. ZDI has confirmed the vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2024.1 or later

Vendor Advisory: https://www.foxit.com/support/security-bulletins.html

Restart Required: Yes

Instructions:

1. Open Foxit PDF Reader
2. Go to Help > Check for Updates
3. Follow prompts to install version 2024.1 or later
4. Restart the application

🔧 Temporary Workarounds

Disable JavaScript in Foxit (Platform: all)

Prevents JavaScript-based exploitation vectors

Open Foxit > File > Preferences > JavaScript > Uncheck 'Enable JavaScript'

Use Protected View (Platform: all)

Opens PDFs in sandboxed mode

Open Foxit > File > Preferences > General > Check 'Enable Safe Reading Mode'

🧯 If You Can't Patch

  • Use alternative PDF readers temporarily
  • Block PDF downloads from untrusted sources via web proxy

🔍 How to Verify

Check if Vulnerable:

Check the Foxit version in Help > About. If the version is below 2024.1, the system is vulnerable.

Check Version:

On Windows: wmic product where name="Foxit PDF Reader" get version

Verify Fix Applied:

Verify version is 2024.1 or higher in Help > About.

📡 Detection & Monitoring

Log Indicators:

  • Multiple crash reports from FoxitReader.exe
  • Unusual process spawning from Foxit PDF Reader

Network Indicators:

  • Downloads of PDF files from suspicious sources
  • Outbound connections from Foxit process to unknown IPs

SIEM Query:

process_name:"FoxitReader.exe" AND (event_id:1000 OR event_id:1001) | stats count by host
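
The two log indicators above (repeated FoxitReader.exe crashes and unusual child processes) expressed as detection logic over endpoint events. This is an added example, not part of the original advisory: the event field names, the sample records, the crash threshold and the child-process allowlist are all constructed assumptions to be mapped to your own telemetry.

```python
import ntpath
from collections import Counter

FOXIT = "foxitreader.exe"
CRASH_EVENT_IDS = {1000, 1001}   # event IDs used in the SIEM query above
PROCESS_CREATE = 1               # Sysmon process-creation event ID
CRASH_THRESHOLD = 2              # assumption: "multiple" means two or more per host
ALLOWED_CHILDREN = {FOXIT}       # assumption: extend with children seen in your baseline

# Constructed sample events; field names are hypothetical, map them to your schema.
FOXIT_PATH = r"C:\Program Files\Foxit\FoxitReader.exe"  # constructed path
CMD_PATH = r"C:\Windows\System32\cmd.exe"
SAMPLE_EVENTS = [
    {"host": "ws-01", "event_id": 1000, "image": "FoxitReader.exe"},
    {"host": "ws-01", "event_id": 1001, "image": "FoxitReader.exe"},
    {"host": "ws-02", "event_id": 1000, "image": "FoxitReader.exe"},
    {"host": "ws-02", "event_id": 1000, "image": "WINWORD.EXE"},
    {"host": "ws-03", "event_id": 1, "image": CMD_PATH, "parent_image": FOXIT_PATH},
    {"host": "ws-03", "event_id": 1, "image": FOXIT_PATH, "parent_image": FOXIT_PATH},
    {"host": "ws-04", "event_id": 1, "image": CMD_PATH,
     "parent_image": r"C:\Windows\explorer.exe"},
]

def _name(path):
    """Lower-cased file name of a Windows path (works on any OS)."""
    return ntpath.basename(path or "").lower()

def crash_hosts(events, threshold=CRASH_THRESHOLD):
    """Hosts with at least `threshold` crash events attributed to the reader."""
    counts = Counter(
        e["host"] for e in events
        if e.get("event_id") in CRASH_EVENT_IDS and _name(e.get("image")) == FOXIT
    )
    return {host: n for host, n in counts.items() if n >= threshold}

def unusual_children(events, allowed=ALLOWED_CHILDREN):
    """(host, child) pairs for processes the reader spawned outside the allowlist."""
    hits = []
    for e in events:
        if e.get("event_id") != PROCESS_CREATE or _name(e.get("parent_image")) != FOXIT:
            continue
        child = _name(e.get("image"))
        if child not in allowed:
            hits.append((e["host"], child))
    return hits

if __name__ == "__main__":
    print("crash clusters:", crash_hosts(SAMPLE_EVENTS))
    print("unusual children:", unusual_children(SAMPLE_EVENTS))
```

A single crash on one host is common noise; the per-host threshold and the parent-child check together are what separate a probable exploitation attempt from an ordinary reader fault.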
