PT-2018-16357 · Foxit · Foxit Pdf Reader
Published
2018-10-08
·
Updated
2023-02-02
·
CVE-2018-3992
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Foxit PDF Reader version 9.2.0.9297
Description
A use-after-free issue in the JavaScript engine of Foxit PDF Reader can be exploited by opening a specially crafted PDF document, potentially leading to arbitrary code execution. An attacker must trick the user into opening the malicious file to trigger this issue. If the browser plugin extension is enabled, visiting a malicious site can also trigger the issue.
Recommendations
For Foxit PDF Reader version 9.2.0.9297, consider disabling the JavaScript engine in the PDF reader as a temporary workaround until a patch is available. Additionally, disabling the browser plugin extension can minimize the risk of exploitation.
Exploit
Fix
Use After Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Foxit Pdf Reader