PT-2019-9811 · Foxit · Foxit Reader Sdk (Activex) Professional
Published
2019-06-17
·
Updated
2019-06-18
·
CVE-2018-19445
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Foxit Reader SDK (ActiveX) Professional version 5.4.0.1031
Description
A command injection issue can occur when processing specially crafted PDF files, allowing an attacker to potentially gain remote code execution. This issue is related to the use of the JavaScript API
app.launchURL.Recommendations
For Foxit Reader SDK (ActiveX) Professional version 5.4.0.1031, consider disabling the
app.launchURL JavaScript API until a patch is available to prevent potential exploitation.Fix
Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Foxit Reader Sdk (Activex) Professional