House › Vulnerabilities

Foxit Patches A number of Code Execution Vulnerabilities in PDF Reader

By Ionut Arghire on November 11, 2022

Tweet

Common PDF doc reader Foxit Reader has been up to date to deal with a number of use-after-free safety bugs that may very well be exploited for arbitrary code execution.

The feature-rich PDF reader offers broad performance to customers, together with help for multimedia paperwork and dynamic varieties through JavaScript help, which additionally expands the appliance’s assault floor.

This week, Cisco’s Talos safety researchers have revealed data on 4 vulnerabilities in Foxit Reader’s JavaScript engine that may very well be exploited to attain arbitrary code execution.

The problems, tracked as CVE-2022-32774, CVE-2022-38097, CVE-2022-37332 and CVE-2022-40129, have a CVSS rating of 8.Eight and are described as use-after-free vulnerabilities.

“A specifically crafted PDF doc can set off the reuse of beforehand freed reminiscence, which might result in arbitrary code execution,” Cisco explains.

An attacker seeking to exploit these vulnerabilities would want to trick a person into opening a malicious file. In accordance with Cisco, if the Foxit browser plugin extension is enabled, the bugs might be triggered when the person navigates to a malicious web site.

Cisco reported the safety defects to Foxit in September. This week, Foxit launched model 12.0.1.12430 of its PDF reader to deal with all points. Customers are suggested to replace to the most recent software program iteration as quickly as potential.

Associated: Apple Patches Distant Code Execution Flaws in iOS, macOS

Associated: Cisco Patches 33 Vulnerabilities in Enterprise Firewall Merchandise

Associated: Citrix Patches Essential Vulnerability in Gateway, ADC

Associated: SAP Patches Essential Vulnerabilities in BusinessObjects, SAPUI5

Get the Each day Briefing

• Most Latest
• Most Learn

• GitHub Introduces Non-public Vulnerability Reporting for Public Repositories
• Chinese language Spyware and adware Targets Uyghurs By Apps: Report
• LiteSpeed Vulnerabilities Can Result in Full Internet Server Takeover
• Foxit Patches A number of Code Execution Vulnerabilities in PDF Reader
• Google Pays $70okay for Android Lock Display screen Bypass
• CISA Releases Determination Tree Mannequin to Assist Corporations Prioritize Vulnerability Patching
• Microsoft Hyperlinks Status Ransomware Assaults to Russian State-Sponsored Hackers
• Laika Raises $50 Million for Its Compliance Platform
• Cisco Patches 33 Vulnerabilities in Enterprise Firewall Merchandise
• Twitter Safety Chief Resigns as Musk Sparks ‘Deep Concern’

In search of Malware in All of the Incorrect Locations?

First Step For The Web’s subsequent 25 years: Including Safety to the DNS

Tattle Story: What Your Pc Says About You

Be in a Place to Act By Cyber Situational Consciousness

Report Reveals Closely Regulated Industries Letting Social Networking Apps Run Rampant

2010, A Nice Yr To Be a Scammer.

Do not Let DNS be Your Single Level of Failure

Find out how to Determine Malware in a Blink

Defining and Debating Cyber Warfare

The 5 A’s that Make Cybercrime so Engaging

Find out how to Defend In opposition to DDoS Assaults

Safety Budgets Not in Line with Threats

Anycast – Three Causes Why Your DNS Community Ought to Use It

The Evolution of the Prolonged Enterprise: Safety Methods for Ahead Considering Organizations

Utilizing DNS Throughout the Prolonged Enterprise: It’s Dangerous Enterprise

Orbit Brain

https://orbitbrain.com/

Orbit Brain is the senior science writer and technology expert. Our aim provides the best information about technology and web development designing SEO graphics designing video animation tutorials and how to use software easy ways
and much more. Like Best Service Latest Technology, Information Technology, Personal Tech Blogs, Technology Blog Topics, Technology Blogs For Students, Futurism Blog.