QID 379069
Date Published: 2023-12-04
QID 379069: Foxit PDF Reader and Foxit PDF Editor 2023.3 for Mac Multiple Security Vulnerabilities
Foxit PDF Reader is a multilingual freemium PDF tool that can create, view, edit, digitally sign, and print PDF files.
Foxit PDF Editor is a business ready PDF toolkit, used to create professional PDF documents.
Addressed a potential issue where the application could be exposed to a Remote Code Execution vulnerability when handling certain JavaScripts.
Addressed potential issues where the application could be exposed to a Use-After-Free or Out-of-Bounds Read vulnerability and crash when handling certain Doc, Graphic, Signature, or Bookmark objects, which could be exploited by attackers to execute remote code or disclose information. This occurs due to the use of a null pointer or an object that has been deleted or freed without proper validation. (ZDI-CAN-22122, ZDI-CAN-22110, ZDI-CAN-22254, ZDI-CAN-22258, ZDI-CAN-22003)
Affected versions:
Foxit PDF Reader versions 2023.2.0.61611 and earlier
Foxit PDF Editor version 2023.2.0.61611
Foxit PDF Editor version 2023.1.0.55583
Foxit PDF Editor version 13.0.0.61829
Foxit PDF Editor version 12.1.1.55342 and all previous 12.x versions
Foxit PDF Editor versions 11.1.5.0913 and all previous 11.x versions
QID detection logic: (Authenticated)
Checks for a vulnerable version of the Foxit Reader and Editor applications on Mac.
Successful exploitation of this vulnerability may allow an attacker to execute remote code or disclose information.
Foxit PDF Reader 2023.3 and Foxit PDF Editor 2023.3: www.foxit.com/support/security-bulletins.html
CVEs related to QID 379069
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| Foxit PDF Reader 2023.3 and Foxit PDF Editor 2023.3 | | | |