Share
## https://sploitus.com/exploit?id=CB847F9C-B699-5DC3-96BB-61A9DA149455
# CVE-2022-28672

[![Twitter Follow](https://img.shields.io/twitter/follow/HackSysTeam?style=social)](https://twitter.com/HackSysTeam)
[![Mastodon Follow](https://img.shields.io/mastodon/follow/109291325205105061?domain=https%3A%2F%2Finfosec.exchange&style=social)](https://infosec.exchange/@hacksysteam)

This bug was `Use after Free` caused by improper handling of javascript object memory references.

## Blog

-   [Foxit PDF Reader - UaF - RCE - JIT Spraying](https://hacksys.io/blogs/foxit-reader-uaf-rce-jit-spraying-cve-2022-28672)

## Advisory

-   [CVE-2022-28672](https://hacksys.io/advisories/HI-2022-002)

## Demo

[![Foxit PDF Reader Remote Code Execution Demo - CVE-2022-28672](https://img.youtube.com/vi/5K44TxWPKCQ/0.jpg)](https://www.youtube.com/watch?v=5K44TxWPKCQ)