Monday, May 5, 2025
Foxit PDF Editor Vulnerabilities Allow Remote Code Execution

Foxit Software has issued critical security updates for its widely used PDF solutions, Foxit PDF Reader and Foxit PDF Editor.

The updates—Foxit PDF Reader 2024.4 and Foxit PDF Editor 2024.4/13.1.5—were released on December 17, 2024, to counter vulnerabilities that could leave users exposed to remote code execution (RCE) attacks.

Details of the Vulnerabilities

The security flaws addressed in this update include Use-After-Free vulnerabilities in the handling of certain elements, such as AcroForms, checkbox objects, and 3D page objects.

Exploiting these flaws could allow an attacker to execute arbitrary code remotely on a victim’s system. These vulnerabilities are tracked under the following identifiers:

The flaws were reported by Mat Powell of Trend Micro Zero Day Initiative (ZDI) and KPC of Cisco Talos, both of whom disclosed that the issues stem from improper memory validation, such as the use of wild or null pointers.

Exploitation could result in application crashes or, in the worst-case scenario, permit malicious actors to take control of affected systems.

The vulnerabilities specifically impact Foxit PDF Reader and Editor software running on Windows operating systems.

No reports have yet confirmed active exploitation of these vulnerabilities in the wild, but due to the critical nature of these flaws, users are strongly encouraged to update immediately.

Foxit strongly advises all users of its PDF Reader and Editor software to upgrade to the latest version to mitigate these vulnerabilities.

To update the software, users running Version 2023.1 or higher should open Foxit PDF Reader or Foxit PDF Editor, navigate to the “Help” menu, and select “About Foxit PDF Reader” or “About Foxit PDF Editor.”

From there, they can click on “Check for Update” to install the latest version. For those using Version 13 of Foxit PDF Editor, the process is similar.

Open the application, go to the “Help” menu, select “About Foxit PDF Editor,” and click on “Check for Update.” Alternatively, users can download the updated version directly from Foxit’s official website to ensure they are running the most secure and stable release of the software.
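For administrators who need to confirm the update across many Windows machines, the following is an added example (not from the article or from Foxit) that reads the standard Windows Uninstall registry keys and compares each installed Foxit build with the fixed releases named above, 2024.4 and 13.1.5. It assumes Foxit registers DisplayName values beginning with "Foxit PDF Reader" or "Foxit PDF Editor" and dotted DisplayVersion strings; the function names are hypothetical.

```powershell
# Fixed releases as stated in the article, one per release branch.
$FixedYearBranch = [version]'2024.4'   # Reader and Editor, year-numbered releases
$FixedV13Branch  = [version]'13.1.5'   # Editor 13.x

function Get-FoxitPatchStatus {
    param(
        [Parameter(Mandatory)][string]$DisplayName,
        [Parameter(Mandatory)][string]$DisplayVersion
    )
    $parsed = $null
    if (-not [version]::TryParse($DisplayVersion, [ref]$parsed)) {
        return 'Unknown (unparseable version string)'
    }
    if ($DisplayName -match 'Foxit PDF Editor' -and $parsed.Major -eq 13) {
        $fixed = $FixedV13Branch
    } elseif ($parsed.Major -ge 2023) {
        $fixed = $FixedYearBranch
    } else {
        # The article only names the 13.x and 2023.1+ branches; do not guess for others.
        return 'Review manually (branch not covered by the article)'
    }
    if ($parsed -ge $fixed) { "At or above fixed release $fixed" }
    else                    { "Below fixed release $fixed - update required" }
}

function Get-InstalledFoxit {
    # Machine-wide installs, 64-bit and 32-bit registry views.
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $roots -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match '^Foxit PDF (Reader|Editor)' -and $_.DisplayVersion } |
        ForEach-Object {
            [pscustomobject]@{
                Name    = $_.DisplayName
                Version = $_.DisplayVersion
                Status  = Get-FoxitPatchStatus -DisplayName $_.DisplayName -DisplayVersion $_.DisplayVersion
            }
        }
}

# Constructed sample rows (not real inventory data) to exercise each branch.
@(
    @{ DisplayName = 'Foxit PDF Editor'; DisplayVersion = '13.1.4.0' },
    @{ DisplayName = 'Foxit PDF Reader'; DisplayVersion = '2024.4.0.0' },
    @{ DisplayName = 'Foxit PDF Editor'; DisplayVersion = '12.1.0.0' }
) | ForEach-Object { Get-FoxitPatchStatus -DisplayName $_.DisplayName -DisplayVersion $_.DisplayVersion }

Get-InstalledFoxit | Format-Table -AutoSize
```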

Given the potential for attackers to exploit these vulnerabilities and execute remote code, it is imperative for users to update their Foxit applications immediately. Keeping software current is one of the most effective measures to safeguard against cyber threats.


Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.
