In the latest vulnerability developments, Foxit has released security fixes for a Remote Code Execution(RCE) bug in its PDF reader.

Tracked as CVE-2021-21822, it has been rated as a high severity security vulnerability that had the potential to execute malicious code on a system.

Foxit Software critical security vulnerability:

Foxit Software is a software developer based in the United States and China that develops Portable Document Format software and tools used to create, edit, sign, and secure files and digital documents.

The software organization has reportedly more than 650 million users from all around the globe with its software employed by more than 100,000 customers.

Detailing the Foxit vulnerability, it was found to be a result of a Use After Free flaw in the V8 JavaScript engine.

The V8 JavaScript engine is utilized by Foxit Reader to display interactive document items and dynamic forms.

Once the use after free bugs are exploited successfully, a slew of unexpected programs ranging from crashing, data corruption to arbitrary code execution can be operated on a victim’s Windows system.

Also read,

XcodeGhost Malware Impacts 128 Million iOS Users

This can ultimately lead to a potential system takeover in a case of severe cybersecurity hazard.

The security hole is caused by the manner in which the Foxit Reader app and browser extensions manage certain annotation categories, which could be exploited by threat actors to design malicious PDFs that can trigger the reuse of formerly spare memory.

All that an attacker need is to dupe a target victim into opening a malicious file or site to trigger the bug if the browser plugin extension is enabled.

Addressing and patching multiple vulnerabilities:

The vulnerability impacts Foxit Reader 10.1.3.37598 and earlier versions, and it was addressed with the release of Foxit Reader 10.1.4.37651.

Foxit fixed several other security bugs impacting previous Foxit Reader versions in the latest release, exposing users’ devices to denial of service, remote code execution, information disclosure, SQL injection, DLL hijacking, and other vulnerabilities.

The complete list of security fixes in the Foxit Reader 10.1.4 release includes:

  • Issues where the application could be exposed to Memory Corruption vulnerability and crash when exporting certain PDF files to other formats.
  • Issues where the application could be exposed to Denial of Service vulnerability and crash when handling certain XFA forms or link objects.
  • Issues where the application could be exposed to Denial of Service, Null Pointer Reference, Out-of-Bounds Read, Context Level Bypass, Type Confusion, or Buffer Overflow vulnerability and crash, which could be exploited by attackers to execute remote code.
  • Issue where the application could be exposed to Arbitrary File Deletion vulnerability due to improper access control.
  • Issue where the application could deliver incorrect signature information for certain PDF files that contained invisible digital signatures.
  • Issues where the application could be exposed to DLL Hijacking vulnerability when it was launched, which could be exploited by attackers to execute remote code by placing a malicious DLL in the specified path directory.
  • Issues where the application could be exposed to Out-of-Bounds Write/Read Remote Code Execution or Information Disclosure vulnerability and crash when handling certain JavaScripts or XFA forms.
  • Issue where the application could be exposed to Out-of-Bounds Write vulnerability when parsing certain PDF files that contain nonstandard /Size key value in the Trailer dictionary.
  • Issue where the application could be exposed to Out-of-Bounds, Write vulnerability and crash when converting certain PDF files to Microsoft Office files.
  • Issues where the application could be exposed to Arbitrary File Write Remote Code Execution vulnerability when executing certain JavaScripts.
  • Issues where the application could be exposed to SQL Injection Remote Code Execution vulnerability.
  • Issue where the application could be exposed to Uninitialized Variable Information Disclosure vulnerability and crash.
  • Issues where the application could be exposed to Out-of-Bounds Read or Heap-based Buffer Overflow vulnerability and crash, which could be exploited by attackers to execute remote code or disclose sensitive information.

Foxit recommends it users update their versions to the latest releases to mitigate any security concerns.