CVE-2024-9243: 
Foxit PDF Reader vulnerability analysis and mitigation

A use-after-free vulnerability (CVE-2024-9243) was discovered in Foxit PDF Reader's handling of AcroForms. The vulnerability was reported on April 24, 2024, and publicly disclosed on September 26, 2024. This security flaw affects multiple versions of Foxit PDF Reader and PDF Editor across both Windows and macOS platforms (ZDI Advisory).

The vulnerability exists within the handling of AcroForms in Foxit PDF Reader. The specific issue stems from the lack of validation for object existence before performing operations on the object. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (High) with the vector string AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating local attack vector, low attack complexity, no privileges required, and user interaction required (NVD).

If successfully exploited, this vulnerability allows attackers to execute arbitrary code in the context of the current process. The high CVSS score reflects the potential for complete compromise of system confidentiality, integrity, and availability, though user interaction is required for successful exploitation (ZDI Advisory).

Foxit has released an update to address this vulnerability. Users are advised to update their Foxit PDF Reader and PDF Editor installations to the latest versions. More detailed information about the security fixes can be found in Foxit's security bulletins (ZDI Advisory).