CVE-2022-28682: 
Foxit PDF Reader vulnerability analysis and mitigation

CVE-2022-28682 is a remote code execution vulnerability discovered in Foxit PDF Reader version 11.2.1.53537. The vulnerability was reported on March 30, 2022, and publicly disclosed on May 12, 2022. This security flaw affects the handling of Doc objects within the PDF Reader application (ZDI Advisory).

The vulnerability exists within the handling of Doc objects in Foxit PDF Reader. By performing actions in JavaScript, an attacker can trigger a read past the end of an allocated object. The vulnerability has been assigned a CVSS v3.1 score of 7.8 (High), with the following vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (ZDI Advisory).

If successfully exploited, this vulnerability allows attackers to execute arbitrary code in the context of the current process. The high CVSS score indicates that successful exploitation could lead to significant system compromise, though user interaction is required (ZDI Advisory).

Foxit has issued an update to correct this vulnerability. Users are advised to update to the latest version of the software. More details about the fix can be found on Foxit's security bulletins page (ZDI Advisory).