CVE-2022-37389: 
Foxit PDF Reader vulnerability analysis and mitigation

A remote code execution vulnerability (CVE-2022-37389) was discovered in Foxit PDF Reader version 11.2.2.53575. The vulnerability exists within the handling of AcroForms and stems from the application's failure to validate the existence of an object before performing operations on it. This vulnerability requires user interaction, specifically opening a malicious file or visiting a malicious page (Zero Day Initiative).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The specific flaw is a Use-After-Free vulnerability in the AcroForms handling mechanism, where the application fails to properly validate object existence before performing operations (NVD, Zero Day Initiative).

If successfully exploited, this vulnerability allows attackers to execute arbitrary code in the context of the current process. This could potentially lead to complete system compromise at the level of the affected application's privileges (Zero Day Initiative).

Foxit has released security updates to address this vulnerability. Users should update their Foxit PDF Reader to a version newer than 11.2.2.53575. The fix is available through the application's update mechanism or can be downloaded directly from Foxit's website (Foxit Security Bulletin).