Foxit PDF Reader 3D Annotation Vulnerability

MEDIUM (5.3) No Patch

Threat Intelligence

Low Risk
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found


What is it?

Foxit PDF Reader is software for viewing and editing PDF files. The vulnerability lies in its 3D annotation handling, which performs insufficient bounds checking when parsing U3D data. Opening a maliciously crafted PDF file can therefore corrupt memory, potentially allowing an attacker to execute arbitrary code on your system.

Am I affected?

Foxit PDF Reader version 11.0.1 and earlier (version info not specified in the advisory). Check with: find / -iname "foxit*.exe" 2>/dev/null or file foxit*.exe | grep Foxit

Note: This vulnerability is specific to Foxit PDF Reader, which is different from similar products like Adobe Acrobat Reader.

Affected Products

Foxit Software / Foxit PDF Reader

How to fix

Upgrade to Foxit PDF Reader version 11.0.2 or later.
(Get the latest version from: https://www.foxit.com/products/pdf-reader/)
Immediate mitigations:
- Disable 3D annotations in Foxit PDF Reader settings
- Use a different PDF viewer that does not support 3D annotations
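
To decide which documents the 3D-annotation mitigation actually matters for, a byte-level triage check for 3D/U3D content can help; this is an added example, not code from the advisory or from Foxit. The function name, marker labels and sample bytes are constructed for illustration, and the check is a heuristic (it inflates Flate streams only and does not handle encrypted PDFs).

```python
import re
import zlib

# PDF names can hide characters as #xx escapes, e.g. /#33D is the name /3D.
_HEX_ESC = re.compile(rb"#([0-9A-Fa-f]{2})")
_STREAM = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)
# Name tokens the PDF specification uses for 3D artwork.
_MARKERS = {
    "3d_annotation": re.compile(rb"/Subtype\s*/3D(?![A-Za-z0-9])"),
    "u3d_stream": re.compile(rb"/Subtype\s*/U3D(?![A-Za-z0-9])"),
    "3dd_entry": re.compile(rb"/3DD(?![A-Za-z0-9])"),
}
U3D_MAGIC = b"U3D\x00"  # first bytes of a U3D file header block


def scan_pdf_bytes(data: bytes) -> set:
    """Return the 3D-related markers present in a PDF byte string."""
    bodies = [data]
    for match in _STREAM.finditer(data):
        raw = match.group(1)
        bodies.append(raw)
        try:
            # Object streams are usually Flate-compressed; inflate them so
            # annotation dictionaries stored inside are inspected as well.
            bodies.append(zlib.decompressobj().decompress(raw))
        except zlib.error:
            pass  # not Flate data (or another filter): raw bytes still scanned
    found = set()
    for body in bodies:
        if body.startswith(U3D_MAGIC):
            found.add("u3d_payload")
        names = _HEX_ESC.sub(lambda m: bytes([int(m.group(1), 16)]), body)
        found.update(k for k, rx in _MARKERS.items() if rx.search(names))
    return found


# Constructed sample (not a complete PDF): a 3D annotation with a U3D stream.
SAMPLE_3D = (b"%PDF-1.7\n1 0 obj\n<< /Type /Annot /Subtype /3D /3DD 2 0 R >>\n"
             b"endobj\n2 0 obj\n<< /Type /3D /Subtype /U3D /Length 8 >>\n"
             b"stream\nU3D\x00\x00\x00\x00\x00\nendstream\nendobj\n")

if __name__ == "__main__":
    print(sorted(scan_pdf_bytes(SAMPLE_3D)))
```

A non-empty result means the file carries 3D content and should be held back from unpatched readers; an empty result is not proof of absence.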
