According to its version, the Foxit PDF Editor application (previously named Foxit PhantomPDF) installed on the remote Windows host is prior to 2024.4/13.1.5. It is, therefore affected by multiple vulnerabilities:

  - A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a checkbox CBF_Widget     object. A specially crafted Javascript code inside a malicious PDF document can trigger this     vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker     needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is     also possible if a user visits a specially crafted, malicious site if the browser plugin extension is     enabled. (CVE-2024-49576)

  - Foxit PDF Reader AcroForm Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability     allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User     interaction is required to exploit this vulnerability in that the target must visit a malicious page or     open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from     the lack of proper validation of user-supplied data, which can result in a read past the end of an     allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the     current process. Was ZDI-CAN-25344. (CVE-2024-12751)

  - Foxit PDF Reader AcroForm Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows     remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction     is required to exploit this vulnerability in that the target must visit a malicious page or open a     malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack     of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker     can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25345.
    (CVE-2024-12752)

  - A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a 3D page object. A     specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which     can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user     into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user     visits a specially crafted, malicious site if the browser plugin extension is enabled. (CVE-2024-47810)

  - Foxit PDF Reader Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local     attackers to escalate privileges on affected installations of Foxit PDF Reader. An attacker must first     obtain the ability to execute low-privileged code on the target system in order to exploit this     vulnerability. The specific flaw exists within the product installer. By creating a junction, an attacker     can abuse the installer process to create an arbitrary file. An attacker can leverage this vulnerability     to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-25408.
    (CVE-2024-12753)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Foxit PDF Editor < 13.1.5 / 2024.4 Multiple Vulnerabilities

high Nessus Plugin ID 213089

Version 1.5

Version 1.4

Version 1.3

Version 1.2

Version 1.1

Version 1.5 Dec 31, 2024, 1:26 PM CVE (set "CVE" coverage to "CVE-2024-12751,CVE-2024-12752,CVE-2024-12753,CVE-2024-47810,CVE-2024-49576") CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Plugin metadata Plugin Feed: 202412311326
Version 1.4 Dec 20, 2024, 5:52 PM New Plugin Feed: 202412201752
Version 1.3 Dec 20, 2024, 9:44 AM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True") Exploit attributes ("Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202412200944
Version 1.2 Dec 19, 2024, 9:35 AM CVSS metrics ("CVSSv2 score" set to 10.0) CVSS metrics ("CVSSv2 vector" set to "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C") CVSS metrics ("CVSSv3 score" set to 8.8) CVSS metrics ("CVSSv3 vector" set to "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H") CVSSv2 severity (based on CVE-2024-49576, severity increased from "Medium" to "High") Plugin Feed: 202412190935
Version 1.1 Dec 18, 2024, 7:05 AM New Plugin Feed: 202412180705