CVE-2022-28678: 
Foxit PDF Reader vulnerability analysis and mitigation

CVE-2022-28678 is a Use-After-Free vulnerability discovered in Foxit PDF Reader that affects the handling of Doc objects. The vulnerability was disclosed on May 12, 2022, and received a CVSS score of 7.8 (High severity). The affected product is Foxit PDF Reader, which required user interaction for exploitation (ZDI Advisory).

The vulnerability exists within the handling of Doc objects in Foxit PDF Reader. The specific flaw results from the lack of validating the existence of an object prior to performing operations on the object. This Use-After-Free condition occurs when the application attempts to use a pointer or an object that has been previously freed without proper validation (ZDI Advisory).

When successfully exploited, this vulnerability allows remote attackers to execute arbitrary code in the context of the current process. The vulnerability received a CVSS score of 7.8, indicating high severity with the following vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (ZDI Advisory).

Foxit has issued an update to correct this vulnerability. Users are advised to update their Foxit PDF Reader installations to the latest version through the application's update mechanism or by downloading the latest version from the Foxit website (ZDI Advisory).