CVE-2022-28683: 
Foxit PDF Reader vulnerability analysis and mitigation

A Use-After-Free vulnerability (CVE-2022-28683) was discovered in Foxit PDF Reader's deletePages method. The vulnerability was disclosed on May 12, 2022, affecting Foxit PDF Reader installations. This vulnerability allows remote attackers to execute arbitrary code on affected systems when a user visits a malicious page or opens a malicious file (ZDI Advisory).

The vulnerability exists within the deletePages method of Foxit PDF Reader. The specific flaw results from the lack of validating the existence of an object prior to performing operations on the object. The vulnerability has been assigned a CVSS score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high severity (ZDI Advisory).

An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process. The vulnerability requires user interaction to be exploited, specifically requiring the target to visit a malicious page or open a malicious file (ZDI Advisory).

Foxit has issued an update to correct this vulnerability. Users are advised to update their Foxit PDF Reader installations to the latest version available through the vendor's security bulletin (ZDI Advisory).