PT-2019-9810 · Foxit · Foxit Reader Sdk (Activex) Professional

Publicado

2019-06-07

Atualizado

2019-06-18

CVE-2018-19444

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Foxit Reader SDK (ActiveX) Professional version 5.4.0.1031

Description A use after free issue in the TextBox field Validate action in IReader ContentProvider can be triggered by specially crafted PDF files, potentially allowing an attacker to achieve remote code execution. This issue requires specific JavaScript code for exploitation and has a different free location compared to a related issue.

Recommendations For Foxit Reader SDK (ActiveX) Professional version 5.4.0.1031, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Use After Free

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-416

Identificadores relacionados

CVE-2018-19444

Produtos afetados

Foxit Reader Sdk (Activex) Professional

PT-2019-9810 · Foxit · Foxit Reader Sdk (Activex) Professional

CVE-2018-19444

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4