CVE-2021-34957: 
Foxit PDF Reader vulnerability analysis and mitigation

Foxit PDF Editor Highlight Annotation Use-After-Free Remote Code Execution Vulnerability (CVE-2021-34957) was discovered in Foxit PDF Editor. The vulnerability was reported on August 11, 2021, and publicly disclosed on October 15, 2021. This vulnerability affects installations of Foxit PDF Editor and requires user interaction to be exploited (Zero Day Initiative).

The vulnerability exists within the handling of Annotation objects in Foxit PDF Editor. The specific flaw results from the lack of validating the existence of an object prior to performing operations on the object. The vulnerability has been assigned a CVSS v3.0 base score of 7.8 (High) with the vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. This indicates local access is required, low attack complexity, no privileges required, and user interaction is required (Zero Day Initiative).

An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process. The vulnerability can lead to complete compromise of the system's confidentiality, integrity, and availability if successfully exploited (Zero Day Initiative).

Foxit has issued an update to correct this vulnerability. Users should update their Foxit PDF Editor installations to the latest version available through the vendor's website or through the application's update mechanism (Zero Day Initiative, Foxit Security Bulletins).