CVE-2024-30348: CWE-787: Out-of-bounds Write in Foxit PDF Reader
Foxit PDF Reader U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22911.
AI Analysis
Technical Summary
CVE-2024-30348 is a vulnerability classified under CWE-787 (Out-of-bounds Write) affecting Foxit PDF Reader version 2023.3.0.23028. The flaw exists in the U3D file parsing component, where the software fails to properly validate user-supplied data, leading to a write operation beyond the allocated buffer boundaries. This memory corruption can be exploited by an attacker to execute arbitrary code remotely. The attack vector requires user interaction, such as opening a maliciously crafted PDF file or visiting a webpage embedding a malicious U3D file. The vulnerability allows code execution in the context of the current process, which could lead to full system compromise if the user has elevated privileges. The CVSS v3.0 score is 7.8, indicating high severity, with attack vector local (requiring user interaction), low attack complexity, no privileges required, and impacts on confidentiality, integrity, and availability. Although no active exploits have been reported, the nature of the vulnerability and the widespread use of Foxit PDF Reader make it a significant risk. The vulnerability was reported by the Zero Day Initiative (ZDI) as ZDI-CAN-22911 and published on April 2, 2024. No official patches have been linked yet, so users must rely on mitigation strategies until an update is available.
Potential Impact
The vulnerability enables remote code execution, which can lead to complete system compromise on affected machines. Attackers can gain the ability to execute arbitrary code with the privileges of the user running Foxit PDF Reader, potentially leading to data theft, installation of malware, ransomware deployment, or lateral movement within a network. Since Foxit PDF Reader is widely used in enterprise and government environments for document handling, exploitation could disrupt business operations and compromise sensitive information. The requirement for user interaction limits mass exploitation but targeted attacks, such as spear-phishing campaigns, could be highly effective. The impact spans confidentiality, integrity, and availability, making this a critical risk for organizations relying on this software without mitigations or patches.
Mitigation Recommendations
1. Immediately restrict or disable the use of Foxit PDF Reader version 2023.3.0.23028 until a patch is released. 2. Employ application whitelisting to prevent execution of unauthorized or suspicious PDF files. 3. Use sandboxing or isolated environments for opening PDF files from untrusted sources to contain potential exploits. 4. Educate users to avoid opening PDFs from unknown or untrusted origins and to be cautious of unsolicited emails or links. 5. Monitor network and endpoint logs for unusual behavior indicative of exploitation attempts, such as unexpected process creation or memory corruption indicators. 6. Implement endpoint detection and response (EDR) solutions capable of detecting exploitation techniques related to memory corruption. 7. Once available, promptly apply official patches from Foxit to remediate the vulnerability. 8. Consider disabling U3D file support in Foxit Reader if possible as a temporary workaround to reduce attack surface.
Affected Countries
United States, China, Germany, United Kingdom, France, Japan, South Korea, India, Canada, Australia
CVE-2024-30348: CWE-787: Out-of-bounds Write in Foxit PDF Reader
Description
Foxit PDF Reader U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22911.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2024-30348 is a vulnerability classified under CWE-787 (Out-of-bounds Write) affecting Foxit PDF Reader version 2023.3.0.23028. The flaw exists in the U3D file parsing component, where the software fails to properly validate user-supplied data, leading to a write operation beyond the allocated buffer boundaries. This memory corruption can be exploited by an attacker to execute arbitrary code remotely. The attack vector requires user interaction, such as opening a maliciously crafted PDF file or visiting a webpage embedding a malicious U3D file. The vulnerability allows code execution in the context of the current process, which could lead to full system compromise if the user has elevated privileges. The CVSS v3.0 score is 7.8, indicating high severity, with attack vector local (requiring user interaction), low attack complexity, no privileges required, and impacts on confidentiality, integrity, and availability. Although no active exploits have been reported, the nature of the vulnerability and the widespread use of Foxit PDF Reader make it a significant risk. The vulnerability was reported by the Zero Day Initiative (ZDI) as ZDI-CAN-22911 and published on April 2, 2024. No official patches have been linked yet, so users must rely on mitigation strategies until an update is available.
Potential Impact
The vulnerability enables remote code execution, which can lead to complete system compromise on affected machines. Attackers can gain the ability to execute arbitrary code with the privileges of the user running Foxit PDF Reader, potentially leading to data theft, installation of malware, ransomware deployment, or lateral movement within a network. Since Foxit PDF Reader is widely used in enterprise and government environments for document handling, exploitation could disrupt business operations and compromise sensitive information. The requirement for user interaction limits mass exploitation but targeted attacks, such as spear-phishing campaigns, could be highly effective. The impact spans confidentiality, integrity, and availability, making this a critical risk for organizations relying on this software without mitigations or patches.
Mitigation Recommendations
1. Immediately restrict or disable the use of Foxit PDF Reader version 2023.3.0.23028 until a patch is released. 2. Employ application whitelisting to prevent execution of unauthorized or suspicious PDF files. 3. Use sandboxing or isolated environments for opening PDF files from untrusted sources to contain potential exploits. 4. Educate users to avoid opening PDFs from unknown or untrusted origins and to be cautious of unsolicited emails or links. 5. Monitor network and endpoint logs for unusual behavior indicative of exploitation attempts, such as unexpected process creation or memory corruption indicators. 6. Implement endpoint detection and response (EDR) solutions capable of detecting exploitation techniques related to memory corruption. 7. Once available, promptly apply official patches from Foxit to remediate the vulnerability. 8. Consider disabling U3D file support in Foxit Reader if possible as a temporary workaround to reduce attack surface.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- zdi
- Date Reserved
- 2024-03-26T18:52:36.413Z
- Cvss Version
- 3.0
- State
- PUBLISHED
Threat ID: 699f6dbfb7ef31ef0b58da3b
Added to database: 2/25/2026, 9:46:39 PM
Last enriched: 2/26/2026, 12:06:36 PM
Last updated: 4/12/2026, 12:18:57 PM
Views: 10
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.