Object Initialization Flaw in Foxit Reader SDK ActiveX Control
CVE-2018-19448

7.8 HIGH

Key Information:

Vendor: Foxit
CVE Published: 17 June 2019

Summary

An uninitialized object in the Foxit Reader SDK ActiveX control can be exploited when the control is embedded in a Microsoft Office document. When a user opens a specially crafted document, an attacker can trigger an out-of-bounds write condition, potentially leading to unauthorized remote code execution. Users of Foxit Reader SDK should ensure they are using updated versions to mitigate this security risk.

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
