8.8

CVE-2024-25575

Exploit

A type confusion vulnerability vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Lock object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FoxitPdf Editor Version <= 11.2.8.53842
   MicrosoftWindows Version-
FoxitPdf Editor Version >= 12.0.0.12394 <= 12.1.4.15400
   MicrosoftWindows Version-
FoxitPdf Editor Version >= 13.0.0.21632 <= 13.0.1.21693
   MicrosoftWindows Version-
FoxitPdf Editor Version >= 2023.1.0.15510 <= 2023.3.0.23028
   MicrosoftWindows Version-
FoxitPdf Editor Version2024.1.0.23997
   MicrosoftWindows Version-
FoxitPdf Reader Version2024.1.0.23997
   MicrosoftWindows Version-
FoxitPdf Editor Version <= 11.1.6.0109
   ApplemacOS Version-
FoxitPdf Editor Version >= 12.0.0.0601 <= 12.1.2.55366
   ApplemacOS Version-
FoxitPdf Editor Version >= 13.0.0.61829 <= 13.0.1.61866
   ApplemacOS Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.74% 0.855
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
talos-cna@cisco.com 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')

The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.