Cisco Talos recently discovered several use-after-free vulnerabilities in Foxit Reader that could lead to arbitrary code execution.
Users are encouraged to update these affected products as soon as possible: Foxit Reader 188.8.131.5230. Talos tested and confirmed these versions of the reader could be exploited by these vulnerabilities.
The following Snort rules will detect exploitation attempts against these vulnerabilities: 60594-60595, 60604-60605, 60592-60593 and 60619-60620. Additional rules may be released in the future and current rules are subject to change, pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.