CVE-2018-3853 - An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software Foxit

CVE-2018-3853

Summary

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can trigger a previously freed object in memory to be reused resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.

References

Vulnerable Configurations

cpe:2.3:a:foxitsoftware:foxit_reader:9.0.1.1049:*:*:*:*:*:*:*
cpe:2.3:a:foxitsoftware:foxit_reader:9.0.1.1049:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 03-12-2022 - 14:19)
Impact:
Exploitability:

CWE

CWE-416

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

bid	103942
misc	https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0536
sectrack	1040733

Last major update

03-12-2022 - 14:19

Published

04-06-2018 - 20:29

Last modified

03-12-2022 - 14:19