PT-2019-9815 · Foxit · Foxit Reader Sdk (Activex) Professional

Publicado

2019-06-17

·

Atualizado

2019-06-18

·

CVE-2018-19449

CVSS v3.1

7.8

Alta

VetorAV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Foxit Reader SDK (ActiveX) Professional version 5.4.0.1031
Description The issue allows a File Write to occur for specially crafted PDF files when the JavaScript API Doc.exportAsFDF is used. This can be leveraged by an attacker to gain remote code execution.
Recommendations For Foxit Reader SDK (ActiveX) Professional version 5.4.0.1031, consider disabling the Doc.exportAsFDF JavaScript API until a patch is available to prevent potential remote code execution.

Correção

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-787

Identificadores relacionados

CVE-2018-19449

Produtos afetados

Foxit Reader Sdk (Activex) Professional