CVE-2021-34845: 
Foxit PDF Reader vulnerability analysis and mitigation

CVE-2021-34845 is a remote code execution vulnerability discovered in Foxit PDF Reader version 11.0.0.49893. The vulnerability was reported on June 9, 2021, and publicly disclosed on July 30, 2021, with a patch released on August 3, 2021. This security flaw affects the handling of Annotation objects within the PDF Reader application (ZDI Advisory).

The vulnerability exists within the handling of Annotation objects in Foxit PDF Reader. The specific issue results from the lack of validating the existence of an object prior to performing operations on the object, leading to a Use-After-Free condition. The vulnerability has been assigned a CVSS v3.0 score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating a high severity level (ZDI Advisory).

If successfully exploited, this vulnerability allows remote attackers to execute arbitrary code in the context of the current process on affected installations of Foxit PDF Reader. The attack requires user interaction, specifically the target must visit a malicious page or open a malicious file (ZDI Advisory).

Foxit has released a security update to address this vulnerability. Users are advised to update their Foxit PDF Reader installations to the latest version. The fix was made available through Foxit's security bulletin (ZDI Advisory).