Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-37377


This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor 11.1.1.53537;. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within JavaScript optimizations. The issue results from an improper optimization, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16733.


Published

2023-03-29T19:15:15.617

Last Modified

2024-11-21T07:14:52.493

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

Weaknesses
  • Type: Primary
    CWE-843

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application foxit pdf_editor < 10.1.9 Yes
Application foxit pdf_editor < 11.2.3 Yes
Application foxit pdf_editor 12.0.0.12394 Yes
Application foxit pdf_reader < 12.0.1 Yes
Operating System microsoft windows - No

References