CVERadar

CVE-2024-47810

Severity: High
SVRS: 40/100
CVSSv3: NA/10
EPSS: 0.00094/1

CVE-2024-47810 is a use-after-free vulnerability in Foxit Reader that allows arbitrary code execution. By embedding malicious JavaScript in a PDF, an attacker can exploit how Foxit Reader handles 3D page objects, leading to memory corruption. The SVRS score is 40, indicating moderate risk but potential for significant impact if successfully exploited.

CVE-2024-47810 highlights a critical flaw in Foxit Reader (version 2024.3.0.26795). This use-after-free vulnerability (CWE-416) can be triggered when a user opens a specially crafted PDF containing malicious JavaScript. Successful exploitation leads to arbitrary code execution, granting an attacker significant control over the affected system. While the CVSS score is 0, the SVRS of 40 suggests a moderate level of real-world risk, further evidenced by the "In The Wild" tag, indicating active exploitation. Organizations using Foxit Reader should apply available patches immediately to mitigate this serious threat.

In The Wild: 2024-12-18

SOCRadar AI Insight

Description

CVE-2024-47810 is a use-after-free vulnerability impacting Foxit Reader 2024.3.0.26795. The flaw arises from the way the software handles 3D page objects, allowing specially crafted JavaScript within a malicious PDF document to trigger memory corruption and potentially lead to arbitrary code execution. The vulnerability can be exploited through a malicious PDF file or by visiting a crafted website if the Foxit Reader browser plugin is enabled.

SVRS: 40 indicates that while this vulnerability is not considered critical, it is still significant and requires attention. Although the SVRS score is below the critical threshold (80), the "In The Wild" tag makes prompt remediation important.

Key Insights

  • High Impact: Exploitation of this vulnerability can lead to arbitrary code execution, granting attackers full control over the affected system. This could result in data theft, system compromise, and other malicious activities.
  • Exploitation through Malicious PDFs: Attackers can exploit this vulnerability by delivering malicious PDF documents to their targets, either through email attachments or websites. This makes the vulnerability easily accessible to attackers.
  • Browser Plugin Exploitation: The vulnerability also affects Foxit Reader's browser plugin, allowing attackers to exploit it through malicious websites, expanding the attack surface.
  • Active Exploitation: The "In The Wild" tag signifies that this vulnerability is actively being used by malicious actors in real-world attacks.

Mitigation Strategies

  • Update Foxit Reader: Immediately update Foxit Reader to the latest version to patch the vulnerability. Foxit is likely to have released a security patch addressing this issue.
  • Disable Browser Plugin: Temporarily disable the Foxit Reader browser plugin until a patch is available or until you can confirm the plugin is updated. This reduces the attack surface by preventing exploitation through malicious websites.
  • Restrict PDF File Access: Implement policies to restrict the opening of PDF files from untrusted sources or enforce the use of alternative PDF readers.
  • Educate Users: Train users to be cautious about opening PDF attachments from unknown senders and to be wary of suspicious links or websites.

Additional Information:

If you require further information on this vulnerability or have any specific concerns regarding CVE-2024-47810, you can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for assistance.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

CVE-2024-47810 | Foxit Reader 2024.3.0.26795 3D Page Object use after free (TALOS-2024-2094 / Nessus ID 213091)
vuldb.com, 2025-02-17
A vulnerability has been found in Foxit Reader 2024.3.0.26795 and classified as critical. This vulnerability affects unknown code of the component 3D Page Object Handler. The manipulation leads to use after free. This vulnerability was named CVE-2024-47810. The attack can be initiated remotely. There

Acrobat out-of-bounds and Foxit use-after-free PDF reader vulnerabilities found
Kri Dontje, 2024-12-19 (feedburner.com)
Cisco Talos' Vulnerability Research team recently disclosed three out-of-bounds read vulnerabilities in Adobe Acrobat Reader, and two use-after-free vulnerabilities in Foxit Reader. These vulnerabilities exist in Adobe Acrobat Reader and Foxit Reader, two of the most popular and feature-rich PDF readers on the market. The vulnerabilities

Daily summary (Tageszusammenfassung) - 18.12.2024
CERT.at, 2025-02-01
End-of-Day report. Timeframe: Tuesday 17-12-2024 18:00 - Wednesday 18-12-2024 18:00. Handler: Michael Schlagenhaufer. Co-Handler: n/a. News: Critical security hole in Apache Struts under exploit. A critical security hole in Apache Struts 2 [..] CVE-2024-53677 [..] is currently being exploited using publicly available proof-of-concept (PoC) code. https://go.theregister.com/feed/www.theregister.com/2024/12/17/critical_rce_apache_struts/ How to Lose

⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips
Ajit Jasrotia, 2024-12-23 (allhackernews.com)
The online world never takes a break, and this week shows why. From ransomware creators being caught to hackers backed by governments trying new tricks, the message is clear: cybercriminals are always changing how they attack, and we need to keep up. Hackers are using everyday tools in harmful ways, hiding spyware in trusted apps, […]

CVE-2024-47810 | Foxit Reader 2024.3.0.26795 3D Page Object use after free (TALOS-2024-2094)
vuldb.com, 2024-12-18
A vulnerability has been found in Foxit Reader 2024.3.0.26795 and classified as critical. This vulnerability affects unknown code of the component 3D Page Object Handler. The manipulation leads to use after free. This vulnerability was named CVE-2024-47810. The attack can be initiated remotely. There is no exploit

Social Media

🗣 CVE-2024-49576 and CVE-2024-47810: Foxit Addresses Remote Code Execution Flaws https://t.co/8kj51uQ42o

Affected Software

No affected software found for this CVE

References

Source                                  Link
[email protected]                       https://talosintelligence.com/vulnerability_reports/TALOS-2024-2094
AF854A3A-2127-422B-91AE-364DA2661108    https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2094
[email protected]                       https://talosintelligence.com/vulnerability_reports/TALOS-2024-2094
GITHUB                                  https://talosintelligence.com/vulnerability_reports/TALOS-2024-2094

CWE Details

CWE ID     CWE Name         Description
CWE-416    Use After Free   Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
