BSI warns about 8.8 vulnerability in PDF reader

The PDF tool Foxit Reader, used by many SMEs as an alternative, has a high-severity vulnerability with a CVSS score of 8.8 out of 10. According to the BSI, the Reader and the Editor module are affected in the Mac and Windows versions.

Many SMEs tried to escape the PDF vulnerability problem by moving away from the standard, Adobe Acrobat, and adopting alternative PDF readers and editors. A credible alternative is Foxit Reader. However, the vendor now has to deal with a high-severity security vulnerability that the BSI, the Federal Office for Information Security, is warning about. Versions for macOS and Windows are affected.

BSI warns about the vulnerability

According to the BSI's description, an anonymous attacker can exploit multiple vulnerabilities in Foxit PDF Editor and Foxit Reader to execute arbitrary code, escalate privileges, cause a denial-of-service condition or obtain confidential information. The vendor Foxit has described the vulnerability as follows: “Problems may arise where the application is exposed to a use-after-free vulnerability and crashes when handling certain control objects, annotation objects or AcroForms, which attackers could exploit to execute remote code or disclose information. This happens when the application uses an object without properly validating it, does not correctly synchronize the annotation elements when handling the reply note of an annotation with JavaScript, or does not correctly update the font cache after deleting a page.”

The vendor provides an overview of the CVEs: CVE-2024-28888, CVE-2024-9243, CVE-2024-9246, CVE-2024-9250, CVE-2024-9252, CVE-2024-9253, CVE-2024-9251, CVE-2024-9254, CVE-2024-9255, CVE-2024-9256.

Update in progress

The vendor provides minor patches for the problems, but they are only resolved once the latest complete program version is installed. This is possible through the software's built-in update function or with the new version from the security advisory page.

Affected Windows versions

  • Foxit PDF Reader 2024.2.3.25184 and beyond
  • Foxit PDF Editor 2024.2.3.25184 and all versions 2024.x, 2023.3.0.23028 and all versions 2023.x, 13.1.3.22478 and all versions 13.x, 12.1.7.15526 and all versions 12.x, 11.2.10.53951 and further

Affected Mac versions

  • Foxit PDF Editor for Mac 13.1.2.622011 and all versions 13.x, 12.1.5.55449 and all versions 12.x, 11.1.9.0524 and versions

More at BSI.Bund.de


The Federal Office for Information Security (BSI)
The Federal Office for Information Security (BSI) is the federal cyber security authority and shapes secure digitalization in Germany. Its mission statement: as the federal cyber security authority, the BSI shapes information security in digitalization through prevention, detection and reaction for government, business and society.
