From a2f04d3dbb1802a8fb17003a758f37823b78f521 Mon Sep 17 00:00:00 2001 From: TerinaK <114547352+TerinaK@users.noreply.github.com> Date: Wed, 1 May 2024 15:40:35 +0800 Subject: [PATCH] 20240501003 (#692) * 20240501003 * Format markdown docs * Update 20240501003-foxit-reader-vulnerabilities.md Added CVE links * Format markdown docs --------- Co-authored-by: TerinaK Co-authored-by: Joshua Hitchen (DGov) <86041569+DGovEnterprise@users.noreply.github.com> Co-authored-by: DGovEnterprise --- ...0240501003-foxit-reader-vulnerabilities.md | 29 +++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 docs/advisories/20240501003-foxit-reader-vulnerabilities.md diff --git a/docs/advisories/20240501003-foxit-reader-vulnerabilities.md b/docs/advisories/20240501003-foxit-reader-vulnerabilities.md new file mode 100644 index 00000000..e454933b --- /dev/null +++ b/docs/advisories/20240501003-foxit-reader-vulnerabilities.md 
@@ -0,0 +1,29 @@ +# Foxit PDF Reader Vulnerabilities - 20240501003 + +## Overview + +The Foxit PDF Reader has three High vulnerabilities that can lead to memory corruption and result in arbitrary code execution if triggered by a malicious file or website for which the browser plugin is enabled. + +## What is vulnerable? + +| CVE | Severity | CVSS | Product(s) Affected | Summary | Dated | +| ----------------------------------------------------------------- | -------- | ---- | -------------------------- | ----------------------------------------------------------------------------------------------------------------- | ------------- | +| [CVE-2024-25575](https://nvd.nist.gov/vuln/detail/CVE-2024-25575) | **High** | 8.8 | **versions before** 2024.2 | A type confusion vulnerability vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Lock object. | 30 April 2024 | +| [CVE-2024-25648](https://nvd.nist.gov/vuln/detail/CVE-2024-25648) | **High** | 8.8 | **versions before** 2024.2 | A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a ComboBox widget. | 30 April 2024 | +| [CVE-2024-25938](https://nvd.nist.gov/vuln/detail/CVE-2024-25938) | **High** | 8.8 | **versions before** 2024.2 | A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Barcode widget. | 30 April 2024 | + +## What has been observed? + +There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing. 
+ +## Recommendation + +The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *one month...* (refer [Patch Management](../guidelines/patch-management.md)): + +- https://www.foxit.com/support/security-bulletins.html + +## Additional References + +- [CVE-2024-25575](https://nvd.nist.gov/vuln/detail/CVE-2024-25575) +- [CVE-2024-25648](https://nvd.nist.gov/vuln/detail/CVE-2024-25648) +- [CVE-2024-25938](https://nvd.nist.gov/vuln/detail/CVE-2024-25938)
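Review bot: The CVE-2024-25575 row of the "What is vulnerable?" table repeats a word ("A type confusion vulnerability vulnerability exists"); drop the duplicate so it reads "A type confusion vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Lock object." Two smaller documentation points in the same hunk: the "Product(s) Affected" column only says "**versions before** 2024.2" without naming the product, so a reader scanning the table cannot tell which Foxit product the version applies to (suggest "**Foxit PDF Reader versions before** 2024.2", matching the title and Overview), and the Recommendation sentence is missing an article and ends in a trailing ellipsis ("within expected timeframe of *one month...*"); suggest "within the expected timeframe of *one month*".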