CVE-2022-24364: 
Foxit PDF Reader vulnerability analysis and mitigation

CVE-2022-24364 is a Use-After-Free Remote Code Execution vulnerability affecting Foxit PDF Reader. The vulnerability was discovered and reported to Foxit on December 15, 2021, with public disclosure occurring on February 10, 2022. This vulnerability affects Foxit PDF Reader installations on Windows platforms (ZDI Advisory).

The vulnerability exists within the handling of Doc objects in Foxit PDF Reader. The specific flaw results from the lack of validating the existence of an object prior to performing operations on the object. The vulnerability has been assigned a CVSS score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating a high severity level (ZDI Advisory).

An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process. The successful exploitation requires user interaction, specifically that the target must visit a malicious page or open a malicious file (ZDI Advisory).

Foxit has issued an update to correct this vulnerability. Users are advised to update their Foxit PDF Reader installations to the latest version available through the vendor's website (ZDI Advisory).