Use After Free Vulnerability in Foxit Reader SDK ActiveX
CVE-2018-19452

7.8HIGH

Key Information:

Vendor
Foxit
Vendor
CVE Published:
7 June 2019

Summary

An attacker could exploit a use after free condition in the TextBox field's Mouse Enter action within the Foxit Reader SDK (ActiveX) Professional 5.4.0.1031. This vulnerability allows attackers to execute arbitrary code remotely by leveraging specially crafted PDF files, marking a significant security risk for users of the affected product. The exploitation technique differs from related vulnerabilities, requiring unique JavaScript code to trigger the flaw effectively.

References

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.