8.8
CVE-2024-25575
- EPSS 2.74%
- Published 30.04.2024 15:15:52
- Last modified 22.08.2025 14:59:40
- Source talos-cna@cisco.com
- Teams watchlist Login
- Open Login
A type confusion vulnerability vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Lock object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Data is provided by the National Vulnerability Database (NVD)
Foxit ≫ Pdf Editor Version <= 11.2.8.53842
Foxit ≫ Pdf Editor Version >= 12.0.0.12394 <= 12.1.4.15400
Foxit ≫ Pdf Editor Version >= 13.0.0.21632 <= 13.0.1.21693
Foxit ≫ Pdf Editor Version >= 2023.1.0.15510 <= 2023.3.0.23028
Foxit ≫ Pdf Editor Version2024.1.0.23997
Foxit ≫ Pdf Reader Version2024.1.0.23997
Foxit ≫ Pdf Editor Version <= 11.1.6.0109
Foxit ≫ Pdf Editor Version >= 12.0.0.0601 <= 12.1.2.55366
Foxit ≫ Pdf Editor Version >= 13.0.0.61829 <= 13.0.1.61866
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.74% | 0.855 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| talos-cna@cisco.com | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')
The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.