Vulnerability Details CVE-2022-37377
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor 11.1.1.53537;. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within JavaScript optimizations. The issue results from an improper optimization, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16733.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.054
EPSS Ranking 89.5%
CVSS Severity
CVSS v3 Score 7.8
References
Products affected by CVE-2022-37377
-
cpe:2.3:a:foxit:pdf_editor:-
-
cpe:2.3:a:foxit:pdf_editor:10.1.6.37749
-
cpe:2.3:a:foxit:pdf_editor:10.1.7
-
cpe:2.3:a:foxit:pdf_editor:10.1.8.37795
-
cpe:2.3:a:foxit:pdf_editor:11.0.0
-
cpe:2.3:a:foxit:pdf_editor:11.0.0.49893
-
cpe:2.3:a:foxit:pdf_editor:11.0.1.0719
-
cpe:2.3:a:foxit:pdf_editor:11.1
-
cpe:2.3:a:foxit:pdf_editor:11.2.0.53415
-
cpe:2.3:a:foxit:pdf_editor:11.2.1
-
cpe:2.3:a:foxit:pdf_editor:11.2.2
-
cpe:2.3:a:foxit:pdf_editor:11.2.2.53575
-
cpe:2.3:a:foxit:pdf_editor:12.0.0.12394
-
cpe:2.3:a:foxit:pdf_reader:-
-
cpe:2.3:a:foxit:pdf_reader:10.1.0.37527
-
cpe:2.3:a:foxit:pdf_reader:10.1.3.37598
-
cpe:2.3:a:foxit:pdf_reader:10.1.4.37651
-
cpe:2.3:a:foxit:pdf_reader:11.0.0.49893
-
cpe:2.3:a:foxit:pdf_reader:11.0.1.0719
-
cpe:2.3:a:foxit:pdf_reader:11.0.1.49938
-
cpe:2.3:a:foxit:pdf_reader:11.1
-
cpe:2.3:a:foxit:pdf_reader:11.1.0.52543
-
cpe:2.3:a:foxit:pdf_reader:11.2.1
-
cpe:2.3:a:foxit:pdf_reader:11.2.1.53537
-
cpe:2.3:a:foxit:pdf_reader:11.2.2
-
cpe:2.3:a:foxit:pdf_reader:11.2.2.53575
-
cpe:2.3:a:foxit:pdf_reader:12.0
-
cpe:2.3:a:foxit:pdf_reader:8.3.2.25013
-
cpe:2.3:a:foxit:pdf_reader:9.0.1.1049
-
cpe:2.3:o:microsoft:windows:-