CVE-2024-49576

Published Dec 18, 2024

Last updated 2 months ago

Overview

Description
A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a checkbox CBF_Widget object. Specially crafted JavaScript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site while the browser plugin extension is enabled.
Source: talos-cna@cisco.com
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Secondary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

talos-cna@cisco.com: CWE-416

Social media

Hype score
Not currently trending
  1. #Vulnerability #CVE202447810 CVE-2024-49576 and CVE-2024-47810: Foxit Addresses Remote Code Execution Flaws https://t.co/5rzKa0YGV2

    @Komodosec

    22 Dec 2024

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Foxit Vulnerability fixes Twin flaws in PDF Reader #FoxitReader #CVE-2024-49576 #CVE-2024-47810 https://t.co/c28AzNG0ks

    @pravin_karthik

    22 Dec 2024

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Threat Alert: Foxit PDF Editor Vulnerabilities Allows Remote Code Execution - #CVE-2024-49576 CVE-2024-49576 CVE-2024-47810 Severity: ⚠️ Critical Maturity: 🧨 Trending Learn more: https://t.co/HYBv33zWMU #CyberSecurity #ThreatIntel #InfoSec

    @fletch_ai

    22 Dec 2024

    70 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Vulnerabilities with the identifiers CVE-2024-49576 and CVE-2024-47810 have recently been published for Foxit, which is a PDF reader. This vulnerability is of the RCE type and makes remote code execution possible. https://t.co/Poz3aKYxT1 https://t.co/ISkKwybRpy

    @AmirHossein_sec

    21 Dec 2024

    27 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. CVE-2024-49576 and CVE-2024-47810: Foxit Addresses Remote Code Execution Flaws https://t.co/lNa2LuE7BM

    @Dinosn

    20 Dec 2024

    5151 Impressions

    22 Retweets

    66 Likes

    25 Bookmarks

    2 Replies

    1 Quote

  6. CVE-2024-49576 Use-After-Free Arbitrary Code Execution in Foxit Reader 2024.3.0.26795 Foxit Reader 2024.3.0.26795 has a use-after-free vulnerability. This happens with how it manages a checkbox CBF_Widget object.... https://t.co/HSi8j1szCE

    @VulmonFeeds

    18 Dec 2024

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. (CVE-2024-49576) Foxit Reader Checkbox Calculate CBF_Widget UAF https://t.co/SGtjFUO7rn https://t.co/T1s2zmaDjJ

    @xvonfers

    18 Dec 2024

    464 Impressions

    0 Retweets

    2 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  8. CVE-2024-49576 A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a checkbox CBF_Widget object. A specially crafted Javascript code inside a malici… https://t.co/WHGOzZ2WM3

    @CVEnew

    18 Dec 2024

    314 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes