CVE-2024-12751: 
Foxit PDF Reader vulnerability analysis and mitigation

Foxit PDF Reader contains a vulnerability (CVE-2024-12751) that allows remote attackers to execute arbitrary code on affected installations. The vulnerability was discovered and disclosed on December 30, 2024. The issue affects Foxit PDF Reader installations and requires user interaction, specifically opening a malicious file or visiting a malicious page (ZDI Advisory).

The vulnerability exists within the handling of AcroForms in Foxit PDF Reader. The specific flaw results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. The vulnerability has been assigned a CVSS v3.0 base score of 7.8 (HIGH) with the vector string: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The issue is classified as an Out-of-bounds Read vulnerability (CWE-125) (ZDI Advisory, NVD).

When successfully exploited, this vulnerability allows attackers to execute code in the context of the current process. The high CVSS score indicates that successful exploitation could lead to significant impact on the confidentiality, integrity, and availability of the affected system (ZDI Advisory).

Foxit has released security updates to address this vulnerability. Users are advised to update their Foxit PDF Reader to version 2024.4 or later. The update can be installed by clicking on 'Help' > 'About Foxit PDF Reader' > 'Check for Update' in the application, or by downloading the latest version from the Foxit website (Foxit Security Bulletin).