Remote Code Execution Vulnerability in Foxit Reader by Foxit Software
CVE-2018-14300

8.8HIGH

Key Information:

Vendor
Foxit
Vendor
CVE Published:
31 July 2018

Summary

This vulnerability in Foxit Reader 9.0.1.5096 enables remote attackers to execute arbitrary code by exploiting Polygon annotations within documents. Successful exploitation requires user interaction, as the target must either visit a malicious webpage or open a specially crafted file. By manipulating elements in a document, an attacker can lead to the reuse of a freed pointer, potentially allowing code execution in the context of the affected process.

References

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.