Use After Free Vulnerability in Foxit Reader SDK ActiveX
CVE-2018-19452

7.8HIGH

Key Information:

Vendor: Foxit
Status: Foxit PDF Sdk Activex
Vendor: CVE Published:; 7 June 2019

Summary

An attacker could exploit a use after free condition in the TextBox field's Mouse Enter action within the Foxit Reader SDK (ActiveX) Professional 5.4.0.1031. This vulnerability allows attackers to execute arbitrary code remotely by leveraging specially crafted PDF files, marking a significant security risk for users of the affected product. The exploitation technique differs from related vulnerabilities, requiring unique JavaScript code to trigger the flaw effectively.

References

https://www.foxitsoftware.com/support/security-bulletins.php

x_refsource_MISC

http://www.securityfocus.com/bid/108692

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 7, 2019
Vulnerability Reserved
Nov 22, 2018