ID CVE-2018-3842
Summary An exploitable use of an uninitialized pointer vulnerability exists in the JavaScript engine in Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can lead to a dereference of an uninitialized pointer which, if under attacker control, can result in arbitrary code execution. An attacker needs to trick the user into opening a malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.
References
Vulnerable Configurations
  • cpe:2.3:a:foxitsoftware:foxit_reader:9.0.1.1049:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 04-02-2023 - 01:12)
Impact:
Exploitability:
CWE CWE-824
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
refmap via4
bid 103942
misc https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0525
sectrack 1040733
Last major update 04-02-2023 - 01:12
Published 19-04-2018 - 19:29
Last modified 04-02-2023 - 01:12