CVE-2024-7723

8.8 HIGH

📋 TL;DR

This is a use-after-free vulnerability in Foxit PDF Reader's AcroForm handling that allows remote code execution when users open malicious PDF files. Attackers can exploit this to run arbitrary code with the same privileges as the current user. All users running vulnerable versions of Foxit PDF Reader are affected.

💻 Affected Systems

Products:
  • Foxit PDF Reader
Versions: Specific versions not detailed in provided references; check Foxit security bulletins for exact affected versions
Operating Systems: Windows, macOS, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations with vulnerable versions are affected. User interaction required (opening malicious PDF).

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise via remote code execution leading to data theft, ransomware deployment, or persistent backdoor installation.

🟠 Likely Case: Malware installation, credential theft, or lateral movement within the network after user opens a malicious PDF.

🟢 If Mitigated: Limited impact with proper application sandboxing, least privilege, and network segmentation preventing lateral movement.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user interaction (opening malicious file). ZDI-CAN-23736 suggests active research interest.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Foxit security bulletins for latest patched version

Vendor Advisory: https://www.foxit.com/support/security-bulletins.html

Restart Required: Yes

Instructions:

1. Visit Foxit security bulletins page
2. Download latest version
3. Install update
4. Restart system

🔧 Temporary Workarounds

Disable JavaScript in Foxit (all platforms)

Prevents JavaScript-based exploitation vectors

Open Foxit Reader > Edit > Preferences > JavaScript > Uncheck 'Enable JavaScript'

Use Protected View (Windows)

Opens PDFs in sandboxed environment

Open Foxit Reader > File > Preferences > Trust Manager > Check 'Enable Safe Reading Mode'

🧯 If You Can't Patch

  • Restrict PDF opening to trusted sources only
  • Use alternative PDF reader software temporarily

🔍 How to Verify

Check if Vulnerable:

Check Foxit Reader version against affected versions in security bulletin

Check Version:

Open Foxit Reader > Help > About Foxit Reader

Verify Fix Applied:

Verify installed version matches or exceeds patched version from Foxit advisory

📡 Detection & Monitoring

Log Indicators:

  • Unexpected Foxit Reader crashes
  • Suspicious child processes spawned from Foxit

Network Indicators:

  • Outbound connections from Foxit to unknown IPs
  • DNS requests for suspicious domains

SIEM Query:

event_id:1 AND parent_process_name:"FoxitReader.exe"
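
The "suspicious child processes" indicator above can also be checked offline against exported process-creation logs. The following is an added example, not part of the original advisory or any Foxit tooling: it reuses the field names from the SIEM query, and the JSON-lines event shape, the allowlist of expected children, and the sample events are assumptions constructed for illustration.

```python
import json
import ntpath

PARENT = "foxitreader.exe"  # process name taken from the page's SIEM query
# Assumption: child images the reader is expected to launch in this environment.
# Build this set from a baseline of your own telemetry.
EXPECTED_CHILDREN = {"foxitreader.exe"}

def _base(path):
    """Lower-cased file name from a Windows path or bare image name."""
    return ntpath.basename(path).lower() if isinstance(path, str) else ""

def suspicious_children(lines):
    """Return process-creation events whose parent is Foxit and whose image
    is not an expected child. Malformed lines are skipped, not fatal."""
    hits = []
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue
        if not isinstance(ev, dict):
            continue
        if str(ev.get("event_id")) != "1":  # Sysmon Event ID 1 = process creation
            continue
        if _base(ev.get("parent_process_name")) != PARENT:
            continue
        if _base(ev.get("process_name")) in EXPECTED_CHILDREN:
            continue
        hits.append(ev)
    return hits

# Constructed sample events (not real telemetry; paths are placeholders).
SAMPLE = [
    r'{"event_id":1,"process_name":"C:\\Apps\\FoxitReader.exe","parent_process_name":"explorer.exe"}',
    r'{"event_id":1,"process_name":"C:\\Windows\\System32\\cmd.exe","parent_process_name":"C:\\Apps\\FoxitReader.exe"}',
    r'{"event_id":1,"process_name":"FoxitReader.exe","parent_process_name":"FoxitReader.exe"}',
    r'{"event_id":3,"process_name":"FoxitReader.exe","parent_process_name":"FoxitReader.exe"}',
    'not json at all',
    r'{"event_id":"1","process_name":"powershell.exe","parent_process_name":"C:\\Apps\\FOXITREADER.EXE"}',
]

if __name__ == "__main__":
    for ev in suspicious_children(SAMPLE):
        print("ALERT:", ev["parent_process_name"], "->", ev["process_name"])
```

Correlating a hit with a Foxit crash shortly before or after it, the other log indicator listed above, raises confidence that the event deserves triage.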
