CVE-2022-37384: 
Foxit PDF Reader vulnerability analysis and mitigation

A remote code execution vulnerability (CVE-2022-37384) was discovered in Foxit PDF Reader version 11.2.1.53537. The vulnerability exists within the delay method and stems from the lack of validation when checking for an object's existence before performing operations on it. This vulnerability requires user interaction, specifically visiting a malicious page or opening a malicious file, to be exploited (Zero Day Initiative).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the following vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The specific flaw exists within the delay method where the application fails to validate an object's existence before performing operations on it. The vulnerability is classified as a Use-After-Free (CWE-416) issue (NVD, Zero Day Initiative).

If successfully exploited, this vulnerability allows attackers to execute arbitrary code in the context of the current process. This could potentially lead to complete system compromise with the same privileges as the application (Zero Day Initiative).

Foxit has released security updates to address this vulnerability. Users are advised to update their Foxit PDF Reader installations to the latest version. The fix is available through the vendor's security bulletin (Foxit Security Bulletin).