CVE-2024-47810

Published Dec 18, 2024

Last updated 2 months ago

Overview

Description
A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a 3D page object. Specially crafted JavaScript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site while the browser plugin extension is enabled.
Source
talos-cna@cisco.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
8.8
Impact score
5.9
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

talos-cna@cisco.com
CWE-416

Social media

Hype score
Not currently trending
  1. #Vulnerability #CVE202447810 CVE-2024-49576 and CVE-2024-47810: Foxit Addresses Remote Code Execution Flaws https://t.co/5rzKa0YGV2

    @Komodosec

    22 Dec 2024

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Foxit Vulnerability fixes Twin flaws in PDF Reader #FoxitReader #CVE-2024-49576 #CVE-2024-47810 https://t.co/c28AzNG0ks

    @pravin_karthik

    22 Dec 2024

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Threat Alert: Foxit PDF Editor Vulnerabilities Allow Remote Code Execution - #CVE-2024-49576 CVE-2024-49576 CVE-2024-47810 Severity: ⚠️ Critical Maturity: 🧨 Trending Learn more: https://t.co/HYBv33zWMU #CyberSecurity #ThreatIntel #InfoSec

    @fletch_ai

    22 Dec 2024

    70 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Vulnerabilities with the identifiers CVE-2024-49576 and CVE-2024-47810 have recently been published for Foxit, which is a PDF reader. This vulnerability is of the RCE type and makes remote code execution possible. https://t.co/Poz3aKYxT1 https://t.co/ISkKwybRpy

    @AmirHossein_sec

    21 Dec 2024

    27 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. CVE-2024-49576 and CVE-2024-47810: Foxit Addresses Remote Code Execution Flaws https://t.co/lNa2LuE7BM

    @Dinosn

    20 Dec 2024

    5151 Impressions

    22 Retweets

    66 Likes

    25 Bookmarks

    2 Replies

    1 Quote

  6. CVE-2024-47810 Use-After-Free Vulnerability in Foxit Reader Enables Arbitrary Code Execution Foxit Reader 2024.3.0.26795 has a use-after-free vulnerability. It happens when handling a 3D page object. Malicious PD... https://t.co/VZWHa571f2

    @VulmonFeeds

    18 Dec 2024

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. (CVE-2024-47810) Foxit Reader 3D Page Object UAF https://t.co/etI42YlGM1 https://t.co/b9WMTu2rRo

    @xvonfers

    18 Dec 2024

    596 Impressions

    0 Retweets

    4 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

  8. CVE-2024-47810 A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a 3D page object. A specially crafted Javascript code inside a malicious PDF docu… https://t.co/RUGApKBeK6

    @CVEnew

    18 Dec 2024

    338 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes