PT-2018-16361 · Foxit · Foxit Pdf Reader
Published
2018-10-08
·
Updated
2023-02-02
·
CVE-2018-3996
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Foxit PDF Reader version 9.2.0.9297
Description
A use-after-free issue in the JavaScript engine of Foxit PDF Reader can be triggered by a specially crafted PDF document, potentially leading to arbitrary code execution. An attacker must trick the user into opening the malicious file to exploit this issue. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.
Recommendations
For Foxit PDF Reader version 9.2.0.9297, consider disabling the JavaScript engine in the PDF Reader settings as a temporary workaround until a patch is available. Additionally, avoid using the browser plugin extension until the issue is resolved.
Exploit
Fix
Use After Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Foxit Pdf Reader