PT-2018-14927 · Foxit · Foxit Reader
Published
2018-11-17
·
Updated
2018-12-18
·
CVE-2018-19343
CVSS v3.1
7.1
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Foxit Reader version 9.3.0.10826
Description
The issue allows remote attackers to cause a denial of service, obtain sensitive information, or possibly have unspecified other impact via a U3D sample. This is due to a "Data from Faulting Address controls Code Flow starting at U3DBrowser!PlugInMain+0x00000000000f43ff" issue in the u3d plugin.
Recommendations
For Foxit Reader version 9.3.0.10826, update to a newer version that contains a fix for this issue to prevent potential exploitation.
Fix
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Foxit Reader