CVE-2024-30357

7.8 HIGH

📋 TL;DR

This vulnerability in Foxit PDF Reader allows attackers to execute arbitrary code by tricking users into opening malicious PDF files. The flaw exists in how the software handles AcroForm annotations, leading to type confusion that can be exploited for remote code execution. All users running vulnerable versions of Foxit PDF Reader are affected.

💻 Affected Systems

Products:
  • Foxit PDF Reader
Versions: Prior to 2024.1.0.23997
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Foxit PDF Reader, not Foxit PDF Editor. Requires user interaction to open malicious PDF.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining the same privileges as the current user, potentially leading to data theft, ransomware deployment, or lateral movement within the network.

🟠 Likely Case

Malware installation or data exfiltration from the compromised system, with the attacker operating in the context of the current user's permissions.

🟢 If Mitigated

Limited impact due to sandboxing, application hardening, or restricted user privileges preventing full system compromise.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction (opening malicious PDF). Type confusion vulnerabilities are often reliable for exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2024.1.0.23997 or later

Vendor Advisory: https://www.foxit.com/support/security-bulletins.html

Restart Required: Yes

Instructions:

1. Open Foxit PDF Reader.
2. Go to Help > Check for Updates.
3. Follow prompts to install version 2024.1.0.23997 or later.
4. Restart the application.

🔧 Temporary Workarounds

Disable JavaScript in Foxit PDF Reader

Platform: Windows

Prevents exploitation vectors that rely on JavaScript execution.

Open Foxit PDF Reader > File > Preferences > Security > Uncheck 'Enable JavaScript'

Use Protected View

Platform: Windows

Opens PDFs in restricted mode to limit potential damage.

Open Foxit PDF Reader > File > Preferences > General > Check 'Open cross-domain PDF files in Protected View'

🧯 If You Can't Patch

  • Restrict PDF file handling to alternative PDF readers that are not vulnerable
  • Implement application whitelisting to prevent unauthorized code execution

🔍 How to Verify

Check if Vulnerable:

Check the Foxit PDF Reader version in Help > About. If the version is below 2024.1.0.23997, the system is vulnerable.

Check Version:

wmic product where "name='Foxit Reader'" get version

Verify Fix Applied:

Confirm version is 2024.1.0.23997 or higher in Help > About after update.

📡 Detection & Monitoring

Log Indicators:

  • Process creation from Foxit Reader with unusual command lines
  • Network connections initiated by Foxit Reader process

Network Indicators:

  • Outbound connections from Foxit Reader to unknown IPs
  • DNS requests for suspicious domains from Foxit process

SIEM Query:

process_name='FoxitReader.exe' AND (parent_process!='explorer.exe' OR command_line CONTAINS 'powershell' OR command_line CONTAINS 'cmd')
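
The first log indicator above (a process created by Foxit Reader) can be checked over process-creation events as follows. This is an added example, not part of the original advisory or vendor guidance; the event field names, paths, sample events and the list of suspicious child images are constructed assumptions, and FoxitReader.exe is the image name used in the SIEM query above.

```python
import ntpath

READER_IMAGE = "foxitreader.exe"   # image name used in the page's SIEM query
# Assumption: interpreters and loaders a PDF reader has no routine reason to start.
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe",
                       "cscript.exe", "mshta.exe", "rundll32.exe", "regsvr32.exe"}

def image_name(path):
    """Lower-cased file name of a Windows path; '' when the field is missing."""
    return ntpath.basename(path or "").lower()

def classify(event):
    """Return (severity, child image name) for a process started by the reader, else None."""
    if image_name(event.get("parent_image")) != READER_IMAGE:
        return None
    child = image_name(event.get("image"))
    if child == READER_IMAGE:
        return None                      # reader starting another instance of itself
    # Compare the executable name, not a command-line substring, so a document
    # named cmd_reference.pdf does not raise an alert.
    severity = "high" if child in SUSPICIOUS_CHILDREN else "review"
    return severity, child

def scan(events):
    """Findings for every event whose parent is the reader."""
    return [hit for hit in map(classify, events) if hit]

# Constructed process-creation events (field names and paths are hypothetical).
SAMPLE_EVENTS = [
    {"image": r"C:\Apps\Foxit\FoxitReader.exe", "parent_image": r"C:\Windows\explorer.exe",
     "command_line": r'FoxitReader.exe "C:\Users\a\Documents\cmd_reference.pdf"'},
    {"image": r"C:\Windows\System32\cmd.exe", "parent_image": r"C:\Apps\Foxit\FoxitReader.exe",
     "command_line": "cmd.exe /c echo test"},
    {"image": r"C:\Apps\Tools\PrintHelper.exe", "parent_image": r"C:\Apps\Foxit\FoxitReader.exe",
     "command_line": "PrintHelper.exe"},
    {"image": r"C:\Apps\Foxit\FoxitReader.exe", "parent_image": r"C:\Apps\Foxit\FoxitReader.exe",
     "command_line": "FoxitReader.exe"},
]

if __name__ == "__main__":
    for severity, child in scan(SAMPLE_EVENTS):
        print(severity, child)
```

Children outside the suspicious list are returned as "review" so that legitimate helpers can be baselined and excluded per environment.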
