Object Initialization Flaw in Foxit Reader SDK ActiveX Control
CVE-2018-19448
7.8 HIGH
Summary
An uninitialized object in the Foxit Reader SDK ActiveX control can be exploited when embedding the control into Microsoft Office documents. This issue allows attackers to trigger an out-of-bounds write condition by opening a specially crafted document, potentially leading to unauthorized remote code execution. Users of Foxit Reader SDK should ensure they are using updated versions to mitigate this security risk.
CVSS V3.1
Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved