CVE-2018-19449

Published: Jun 17, 2019Modified: Nov 21, 2024

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A File Write can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031 when the JavaScript API Doc.exportAsFDF is used. An attacker can leverage this to gain remote code execution.

Affected (1)

Products: Foxitsoftware: Foxit Pdf Sdk Activex

Foxitsoftware

1 product

Foxit Pdf Sdk Activex

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Foxitsoftware Foxit Pdf Sdk Activex	Up to 5.5.0

Running on/with	Platform Versions
Microsoft Windows	All versions

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://www.foxitsoftware.com/support/security-bulletins.php

Source: cve@mitre.org

PatchVendor Advisory

https://www.foxitsoftware.com/support/security-bulletins.php

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.