According to its version, the Foxit PDF Editor application (previously named Foxit PhantomPDF) installed on the remote Windows host is prior to 12.1.8. It is, therefore affected by multiple vulnerabilities:

  - A use-after-free vulnerability exists in the way Foxit Reade 2024.1.0.23997 handles a checkbox field     object. A specially crafted Javascript code inside a malicious PDF document can trigger this     vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker     needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is     also possible if a user visits a specially crafted, malicious site if the browser plugin extension is     enabled. (CVE-2024-28888)

  - Foxit PDF Reader Doc Object Use-After-Free Information Disclosure Vulnerability. This vulnerability allows     remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User     interaction is required to exploit this vulnerability in that the target must visit a malicious page or     open a malicious file. The specific flaw exists within the handling of Doc objects. The issue results from     the lack of validating the existence of an object prior to performing operations on the object. An     attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the     context of the current process. Was ZDI-CAN-23702. (CVE-2024-7722)

  - Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows     remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction     is required to exploit this vulnerability in that the target must visit a malicious page or open a     malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack     of validating the existence of an object prior to performing operations on the object. An attacker can     leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23736.
    (CVE-2024-7723)

  - Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows     remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction     is required to exploit this vulnerability in that the target must visit a malicious page or open a     malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack     of validating the existence of an object prior to performing operations on the object. An attacker can     leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23900.
    (CVE-2024-7724)

  - Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows     remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction     is required to exploit this vulnerability in that the target must visit a malicious page or open a     malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack     of validating the existence of an object prior to performing operations on the object. An attacker can     leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23928.
    (CVE-2024-7725)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Detections

Analytics

Foxit PDF Editor < 12.1.8 Multiple Vulnerabilities

high Nessus Plugin ID 207903

Version 1.5

Version 1.4

Version 1.3

Version 1.2

Version 1.1

Version 1.5 Oct 23, 2024, 3:47 PM CVE (set "CVE" coverage to "CVE-2024-7722,CVE-2024-7723,CVE-2024-7724,CVE-2024-7725,CVE-2024-9243,CVE-2024-9244,CVE-2024-9245,CVE-2024-9246,CVE-2024-9247,CVE-2024-9248,CVE-2024-9249,CVE-2024-9250,CVE-2024-9251,CVE-2024-9252,CVE-2024-9253,CVE-2024-9254,CVE-2024-9255,CVE-2024-9256,CVE-2024-28888,CVE-2024-38393,CVE-2024-41605,CVE-2024-48618") CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Plugin metadata Plugin Feed: 202410231547
Version 1.4 Oct 21, 2024, 9:27 AM CVSS metrics ("CVSSv2 score" set to 10.0) CVSS metrics ("CVSSv2 vector" set to "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C") CVSSv2 severity (based on CVE-2024-7725, severity increased from "Medium" to "High") CVSSv3 score source (changed from "CVE-2024-28888" to none) Plugin Feed: 202410210927
Version 1.3 Oct 9, 2024, 8:53 AM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True") Exploit attributes ("Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202410090853
Version 1.2 Oct 3, 2024, 9:04 AM CVSS metrics ("CVSSv3 score" set to 8.8) CVSS metrics ("CVSSv3 vector" set to "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H") CVSSv3 score source (changed from "CVE-2024-41605" to "CVE-2024-28888") Plugin Feed: 202410030904
Version 1.1 Sep 29, 2024, 3:14 PM New Plugin Feed: 202409291514