PT-2018-16331 · Foxit · Foxit Pdf Reader
Published
2018-08-01
·
Updated
2023-02-02
·
CVE-2018-3939
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Foxit Software's PDF Reader version 9.1.0.5096
Description
A use-after-free issue in the JavaScript engine of Foxit Software's PDF Reader can be exploited, allowing arbitrary code execution when a specially crafted PDF document is opened. This can happen when a user is tricked into opening a malicious file. Additionally, if the browser plugin extension is enabled, visiting a malicious site can also trigger the issue.
Recommendations
For Foxit Software's PDF Reader version 9.1.0.5096, consider disabling the JavaScript engine as a temporary workaround until a patch is available. Avoid opening suspicious PDF files from untrusted sources, and disable the browser plugin extension to minimize the risk of exploitation.
Exploit
Fix
Use After Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Foxit Pdf Reader