CVE-2022-24358: 
Foxit PDF Reader vulnerability analysis and mitigation

CVE-2022-24358 is a vulnerability discovered in Foxit PDF Reader version 11.1.0.52543. The vulnerability was reported on December 1, 2021, and publicly disclosed on February 10, 2022. This security flaw affects the handling of Doc objects in Foxit PDF Reader, allowing remote attackers to execute arbitrary code on affected installations (Zero Day Initiative).

The vulnerability has a CVSS score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). The specific flaw exists within the handling of Doc objects. When performing actions in JavaScript, an attacker can trigger a read past the end of an allocated buffer, which can lead to arbitrary code execution in the context of the current process (Zero Day Initiative).

If successfully exploited, this vulnerability allows attackers to execute arbitrary code on affected installations of Foxit PDF Reader. The impact is significant as it could lead to complete system compromise, with the attacker gaining the same privileges as the current process (Zero Day Initiative).

Foxit has issued an update to correct this vulnerability. Users are advised to update their installations to the latest version through the vendor's website or through the application's update mechanism (Zero Day Initiative).