Use After Free Vulnerability in Foxit Reader SDK ActiveX
CVE-2018-19452
7.8HIGH
Summary
An attacker could exploit a use after free condition in the TextBox field's Mouse Enter action within the Foxit Reader SDK (ActiveX) Professional 5.4.0.1031. This vulnerability allows attackers to execute arbitrary code remotely by leveraging specially crafted PDF files, marking a significant security risk for users of the affected product. The exploitation technique differs from related vulnerabilities, requiring unique JavaScript code to trigger the flaw effectively.
References
CVSS V3.1
Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved