PT-2018-16348 · Foxit · Foxit Pdf Reader
Published
2018-10-03
·
Updated
2023-02-02
·
CVE-2018-3966
CVSS v3.1
8.0
High
| Vector | AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Foxit PDF Reader version 9.1.0.5096
Description
An exploitable use-after-free issue exists in the JavaScript engine of Foxit Software's Foxit PDF Reader. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this issue. If the browser plugin extension is enabled, visiting a malicious site can also trigger the issue.
Recommendations
For Foxit PDF Reader version 9.1.0.5096, update to a newer version that contains a fix for this issue.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Use After Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Foxit Pdf Reader