CVE-2023-38573: 
Foxit PDF Reader vulnerability analysis and mitigation

A use-after-free vulnerability (CVE-2023-38573) exists in Foxit Reader 12.1.2.15356 that affects how the software handles signature fields. The vulnerability was discovered by Aleksandar Nikolic and KPC of Cisco Talos and publicly disclosed on November 27, 2023. The affected software is Foxit Reader, a popular PDF document reader that aims for feature parity with Adobe's Acrobat Reader (Talos Report).

The vulnerability occurs when a specially crafted Javascript code inside a malicious PDF document triggers the reuse of a previously freed object, leading to memory corruption. The issue specifically involves the way Foxit Reader handles a signature object, where a signature object is freed by deletePages() function and subsequently used without proper validation. The vulnerability has been assigned a CVSS v3.1 score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H and is classified as CWE-416 (Use After Free) (Talos Report).

If successfully exploited, this vulnerability can lead to arbitrary code execution on the targeted system. Since additional Javascript code can be executed between object free and reuse, freed memory could be put under attacker control. With careful memory layout manipulation, this can lead to further memory corruption and ultimately allow attackers to execute malicious code (Talos Report).

Foxit has released a patch to address this vulnerability on November 22, 2023. Users are advised to update to the latest version of Foxit Reader to protect against potential exploitation (Talos Report).