Foxit Reader FileAttachment annotation use-after-free vulnerability redux


### Summary A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version A specially crafted PDF document can trigger the reuse of previously free memory, which can lead to arbitrary code execution. An attacker needs to trick the user into opening a malicious file or site to trigger this vulnerability if the browser plugin extension is enabled. ### Tested Versions Foxit Reader ### Product URLs <https://www.foxitsoftware.com/pdf-reader/> ### CVSSv3 Score 8.8 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H ### CWE CWE-416 - Use After Free ### Details Foxit PDF Reader is one of the most popular PDF document readers and has a large user base. It aims to have feature parity with Adobe’s Acrobat Reader. As a complete and feature-rich PDF reader, it supports JavaScript for interactive documents and dynamic forms. JavaScript support poses an additional attack surface. Foxit Reader uses the V8 JavaScript engine. We have previously disclosed this vulnerability to Foxit as being present in Foxit Reader version The vulnerability was tracked as TALOS-2021-1287 and was assigned CVE-2021-21822. Release notes for Foxit Reader version purport that this vulnerability was fixed but a closer examination and testing reveals that not to be the case. The details of the vulnerability, as well as the proof of concept PDF document demonstrating it, is the same as in our previously published advisory. ### Timeline 2021-05-26 - Vendor Disclosure 2021-07-76 - Public Release