CVE-2024-9248: 
Foxit PDF Reader vulnerability analysis and mitigation

Foxit PDF Reader contains an out-of-bounds write vulnerability (CVE-2024-9248) that was discovered and disclosed on November 22, 2024. This vulnerability affects multiple versions of Foxit PDF Reader and Foxit PDF Editor on Windows platforms, including versions up to 2024.2.3.25184. The vulnerability allows remote attackers to execute arbitrary code on affected installations, though user interaction is required in the form of visiting a malicious page or opening a malicious file (Zero Day Initiative).

The vulnerability exists within the parsing of PDF files and results from the lack of proper validation of user-supplied data, which can lead to a write past the end of an allocated buffer. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The weakness has been categorized as CWE-787 (Out-of-bounds Write) (NVD).

Successful exploitation of this vulnerability allows attackers to execute arbitrary code in the context of the current process. This means an attacker could potentially gain the same privileges as the application running the vulnerable code, enabling them to execute malicious commands on the affected system (Zero Day Initiative).

Foxit has released security updates to address this vulnerability. Users are advised to update their applications to the latest versions. For Version 2023.1 and higher, users can update by clicking on 'Help' > 'About Foxit PDF Reader' or 'About Foxit PDF Editor' > 'Check for Update'. Alternatively, users can download the updated version directly from the Foxit website (Foxit Security Bulletin).