CVE-2022-37391: 
Foxit PDF Reader vulnerability analysis and mitigation

This vulnerability (CVE-2022-37391) affects Foxit PDF Reader version 11.2.2.53575. Discovered and disclosed in June 2022, it allows remote attackers to execute arbitrary code on affected installations. The vulnerability specifically exists within the handling of AcroForms, requiring user interaction such as visiting a malicious page or opening a malicious file for exploitation (Zero Day Initiative).

The vulnerability stems from the lack of validating the existence of an object prior to performing operations on the object when handling AcroForms. Specifically, it is a Use-After-Free vulnerability that occurs during the deletePages operation. The vulnerability has been assigned a CVSS v3.1 score of 7.8 (HIGH) with the vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (Zero Day Initiative).

If successfully exploited, this vulnerability allows attackers to execute code in the context of the current process. The high CVSS score indicates that successful exploitation could lead to complete compromise of the system's confidentiality, integrity, and availability, though user interaction is required (Zero Day Initiative).

Foxit has released security updates to address this vulnerability. Users should update their Foxit PDF Reader installations to the latest version. The fix was released through Foxit's security bulletin system (Foxit Security Bulletins).