Use After Free Vulnerability in Foxit Reader SDK ActiveX
CVE-2018-19452

7.8HIGH

Key Information:

Vendor

Foxit
Status
Foxit PDF Sdk Activex
Vendor
CVE Published:
7 June 2019

What is CVE-2018-19452?

An attacker could exploit a use after free condition in the TextBox field's Mouse Enter action within the Foxit Reader SDK (ActiveX) Professional 5.4.0.1031. This vulnerability allows attackers to execute arbitrary code remotely by leveraging specially crafted PDF files, marking a significant security risk for users of the affected product. The exploitation technique differs from related vulnerabilities, requiring unique JavaScript code to trigger the flaw effectively.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.foxitsoftware.com/support/security-bulletins.php
x_refsource_MISC
http://www.securityfocus.com/bid/108692
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.