CVE-2022-37381: 
Foxit PDF Reader vulnerability analysis and mitigation

CVE-2022-37381 is a Use-After-Free vulnerability affecting Foxit PDF Reader. The vulnerability was discovered by Suyue Guo and Wei You from Renmin University of China and was publicly disclosed on August 5, 2022. This security flaw affects multiple versions of Foxit PDF Reader and Foxit PDF Editor (previously named Foxit PhantomPDF) on Windows platforms (Zero Day Initiative, NVD).

The vulnerability exists within the AFSpecial_KeystrokeEx method of Foxit PDF Reader. The specific issue stems from the lack of validating the existence of an object prior to performing operations on the object. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability is classified as CWE-416 (Use After Free) (Zero Day Initiative, NVD).

If successfully exploited, this vulnerability allows remote attackers to execute arbitrary code in the context of the current process on affected installations of Foxit PDF Reader. The high CVSS score indicates that successful exploitation could lead to complete compromise of the system's confidentiality, integrity, and availability (Zero Day Initiative).

Foxit has released security updates to address this vulnerability. Users are advised to update their applications to the latest version through the application's built-in update feature or by downloading the latest version from the Foxit website. The vulnerability was initially reported to the vendor on May 16, 2022, and a fix was subsequently released (Zero Day Initiative, Foxit Security Bulletin).