CVE-2018-19448

Name of the Vulnerable Software and Affected Versions Foxit Reader SDK (ActiveX) Professional version 5.4.0.1031

Description The issue arises from an uninitialized object in the IReader ContentProvider::GetDocEventHandler function when the control is embedded into Office documents. This can be triggered by opening a specially crafted document, potentially leading to an out of bounds write condition and possibly allowing an attacker to achieve remote code execution.

Recommendations For Foxit Reader SDK (ActiveX) Professional version 5.4.0.1031, consider disabling the IReader ContentProvider::GetDocEventHandler function until a patch is available to prevent potential exploitation. Restrict the use of embedding the control into Office documents to minimize risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.