PT-2018-5655 · Foxit · Foxit Pdf Reader
Published
2018-04-23
·
Updated
2023-01-28
·
CVE-2017-14458
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Foxit PDF Reader version 8.3.2.25013
Description:
A use-after-free issue in the JavaScript engine of Foxit PDF Reader can be exploited by opening a specially crafted PDF document, allowing arbitrary code execution. This can be triggered by an attacker tricking the user into opening the malicious file. If the browser plugin extension is enabled, visiting a malicious site can also trigger the issue.
Recommendations:
For Foxit PDF Reader version 8.3.2.25013, consider disabling the JavaScript engine as a temporary workaround until a patch is available. Restrict access to malicious PDF documents and avoid visiting untrusted websites with the browser plugin extension enabled.
Exploit
Fix
Use After Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Foxit Pdf Reader