CVE-2024-30330: 
Foxit PDF Reader vulnerability analysis and mitigation

Foxit PDF Reader contains a Use-After-Free vulnerability (CVE-2024-30330) that was discovered and reported on November 28, 2023, and publicly disclosed on March 28, 2024. This vulnerability affects installations of Foxit PDF Reader and allows remote attackers to execute arbitrary code. The vulnerability specifically exists within the handling of Doc objects in AcroForms (Zero Day Initiative).

The vulnerability stems from the lack of validating the existence of an object prior to performing operations on the object in AcroForms. The issue has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability has been classified as CWE-416 (Use After Free) (Zero Day Initiative, NVD).

If successfully exploited, this vulnerability allows attackers to execute arbitrary code in the context of the current process. User interaction is required for exploitation, specifically the target must visit a malicious page or open a malicious file (Zero Day Initiative).

Foxit has released security updates to address this vulnerability. Users are advised to update their applications to the latest version. The fix is available through the application's update feature by clicking on "Help" > "About Foxit PDF Reader" > "Check for Update" or by downloading the latest version directly from the Foxit website (Foxit Security Bulletin).