CVE-2024-30345 is a use-after-free vulnerability classified under CWE-416 found in Foxit PDF Reader version 2023.3.0.23028. The vulnerability exists in the handling of Doc objects within AcroForms, a component used for interactive PDF forms. The root cause is the software's failure to verify the existence of an object before performing operations on it, which leads to a use-after-free condition. This memory corruption flaw can be exploited by an attacker who convinces a user to open a maliciously crafted PDF file or visit a malicious webpage containing such a file. Upon exploitation, the attacker can execute arbitrary code within the context of the Foxit PDF Reader process, potentially leading to full system compromise depending on the user's privileges. The vulnerability requires user interaction but does not require prior authentication, and the attack complexity is low to moderate. The CVSS v3.0 base score is 7.8, with vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating local attack vector, low attack complexity, no privileges required, user interaction required, unchanged scope, and high impact on confidentiality, integrity, and availability. No public patches or exploits are currently reported, but the vulnerability was reserved and published in late March and early April 2024 respectively, and was assigned by the Zero Day Initiative (ZDI) as ZDI-CAN-22742.

The impact of CVE-2024-30345 is significant for organizations using Foxit PDF Reader, especially in environments where PDF files are frequently exchanged or used for business-critical workflows. Successful exploitation can lead to remote code execution, allowing attackers to install malware, steal sensitive information, or disrupt operations. Since the vulnerability affects confidentiality, integrity, and availability, it poses a risk of data breaches, unauthorized system control, and potential lateral movement within networks. The requirement for user interaction limits mass exploitation but targeted attacks against high-value individuals or organizations remain a concern. Industries such as finance, government, healthcare, and legal sectors that rely heavily on PDF documents are particularly vulnerable. The lack of known exploits in the wild currently reduces immediate risk but also underscores the importance of proactive mitigation before attackers develop weaponized payloads.

Organizations should immediately inventory their use of Foxit PDF Reader and verify the affected version (2023.3.0.23028). Until an official patch is released, apply the following mitigations: (1) Restrict or disable the use of AcroForms in PDF readers if not required, (2) Implement application whitelisting and endpoint protection solutions capable of detecting anomalous PDF behavior, (3) Educate users to avoid opening PDFs from untrusted sources or unexpected emails, (4) Use network-level protections such as email filtering and web content scanning to block malicious PDFs, (5) Consider sandboxing PDF reader applications to limit the impact of potential exploitation, and (6) Monitor security advisories from Foxit for patches and apply them promptly once available. Additionally, employ intrusion detection systems tuned to detect exploitation attempts related to use-after-free vulnerabilities in PDF readers.