CVE-2024-9253

7.1 HIGH

📋 TL;DR

This out-of-bounds read vulnerability in Foxit PDF Reader allows remote attackers to read memory beyond allocated buffers when the reader processes a malicious PDF file containing AcroForms. It can disclose sensitive information and, when combined with other vulnerabilities, potentially lead to arbitrary code execution. Users who open untrusted PDF files are affected.

💻 Affected Systems

Products:
  • Foxit PDF Reader
Versions: prior to 2024.3
Operating Systems: Windows, macOS, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations of affected versions are vulnerable. Requires user interaction to open a malicious PDF.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Leaked memory contents reveal addresses that enable an ASLR bypass; chained with another vulnerability, this could give remote code execution with the user's privileges.

🟠 Likely Case: Information disclosure revealing memory contents, potentially exposing sensitive data or system information.

🟢 If Mitigated: Limited impact if proper sandboxing and memory protections are in place, though the information disclosure itself still occurs.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user interaction to open a malicious file. Information disclosure alone may not be sufficient for full compromise without additional vulnerabilities.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2024.3 or later

Vendor Advisory: https://www.foxit.com/support/security-bulletins.html

Restart Required: Yes

Instructions:

1. Open Foxit PDF Reader.
2. Go to Help > Check for Updates.
3. Follow the prompts to install version 2024.3 or later.
4. Restart the application.

🔧 Temporary Workarounds

Disable JavaScript in Foxit
  Platforms: all
  Effect: Prevents JavaScript-based exploitation vectors
  Steps: File > Preferences > JavaScript > Uncheck 'Enable JavaScript'

Use Protected View
  Platforms: all
  Effect: Opens untrusted PDFs in protected/sandboxed mode
  Steps: File > Preferences > Trust Manager > Check 'Enable Safe Reading Mode'

🧯 If You Can't Patch

  • Restrict PDF opening to trusted sources only
  • Use alternative PDF readers temporarily

🔍 How to Verify

Check if Vulnerable:

Check the Foxit version in Help > About Foxit Reader. If the version is below 2024.3, the system is vulnerable.

Check Version:

On Windows: wmic product where name="Foxit Reader" get version

Verify Fix Applied:

Verify version is 2024.3 or later in Help > About Foxit Reader.
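As an added example that is not part of this advisory, the following PowerShell script performs the same version check across the standard Windows uninstall registry keys, so it can be run remotely or at scale without relying on wmic (which is deprecated and, when it queries the product class, triggers a Windows Installer consistency check that makes it slow). The DisplayName filter '*Foxit*Reader*' and the sample version strings in the comments are assumptions; adjust the filter to the name your installation registers.

```powershell
# Added example (not from the advisory): find installed Foxit PDF Reader entries
# and compare their version against the fixed release 2024.3 (CVE-2024-9253).
function Get-FoxitReaderPatchStatus {
    param(
        # Fixed version from the vendor advisory; [version] compares part by part.
        [version]$FixedVersion = [version]'2024.3',
        # Assumption: the registered DisplayName contains both "Foxit" and "Reader".
        [string]$NameFilter = '*Foxit*Reader*'
    )

    # Per-machine (64-bit and 32-bit views) and per-user uninstall keys.
    $UninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )

    $Installs = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like $NameFilter -and $_.DisplayVersion }

    if (-not $Installs) {
        Write-Warning 'No Foxit PDF Reader entry found in the uninstall registry keys.'
        return
    }

    foreach ($App in $Installs) {
        # DisplayVersion is a dotted string (constructed sample: 2024.2.3.25184);
        # [version] parses up to four numeric parts and compares them numerically,
        # so 2024.2.x sorts below 2024.3 while 2024.3.0.x sorts at or above it.
        try {
            $Installed = [version]$App.DisplayVersion
        } catch {
            Write-Warning ("{0}: could not parse version '{1}'" -f $App.DisplayName, $App.DisplayVersion)
            continue
        }

        [pscustomobject]@{
            ComputerName = $env:COMPUTERNAME
            DisplayName  = $App.DisplayName
            Installed    = $Installed.ToString()
            Fixed        = $FixedVersion.ToString()
            Status       = if ($Installed -lt $FixedVersion) { 'VULNERABLE' } else { 'PATCHED' }
        }
    }
}

Get-FoxitReaderPatchStatus | Format-Table -AutoSize
```

Run it in an elevated session to see per-machine entries under HKLM; per-user installs appear under HKCU for the current user only.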

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with memory access violations
  • Unusual PDF file access from untrusted sources

Network Indicators:

  • Downloads of PDF files from suspicious sources

SIEM Query:

source="*foxit*" AND (event_id=1000 OR event_id=1001) AND exception_code=0xc0000005
