CVE-2018-3842
An exploitable use of an uninitialized pointer vulnerability exists in the JavaScript engine in Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can lead to a dereference of an uninitialized pointer which, if under attacker control, can result in arbitrary code execution. An attacker needs to trick the user to open a malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.
Published
2018-04-19T19:29:00.233
Last Modified
2024-11-21T04:06:09.063
Status
Modified
Source
[email protected]
Severity
CVSSv3.1: 8.8 (HIGH)
CVSSv2 Vector
AV:N/AC:M/Au:N/C:P/I:P/A:P
- Access Vector: NETWORK
- Access Complexity: MEDIUM
- Authentication: NONE
- Confidentiality Impact: PARTIAL
- Integrity Impact: PARTIAL
- Availability Impact: PARTIAL
Exploitability Score
8.6
Impact Score
6.4
Weaknesses
Affected Vendors & Products
References
-
http://www.securityfocus.com/bid/103942
Broken Link, Third Party Advisory, VDB Entry
([email protected])
-
http://www.securitytracker.com/id/1040733
Broken Link, Third Party Advisory, VDB Entry
([email protected])
-
https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0525
Exploit, Third Party Advisory
([email protected])
-
http://www.securityfocus.com/bid/103942
Broken Link, Third Party Advisory, VDB Entry
(af854a3a-2127-422b-91ae-364da2661108)
-
http://www.securitytracker.com/id/1040733
Broken Link, Third Party Advisory, VDB Entry
(af854a3a-2127-422b-91ae-364da2661108)
-
https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0525
Exploit, Third Party Advisory
(af854a3a-2127-422b-91ae-364da2661108)