CVE-2018-7406

Published: May 24, 2018Modified: Nov 21, 2024

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

An issue was discovered in Foxit Reader before 9.1 and PhantomPDF before 9.1. This vulnerability allows remote attackers to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the u3d images inside of a pdf. The issue results from the lack of proper validation of user-supplied data, which can result in an array indexing issue. An attacker can leverage this to execute code in the context of the current process.

Affected (2)

Products: Foxitsoftware: Phantompdf, Reader

2 products

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Foxitsoftware Phantompdf	Up to 9.0.1.1049
Foxitsoftware Reader	Up to 9.0.1.1049

Related CWEs

Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

References (6)

http://www.securityfocus.com/bid/104300

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://srcincite.io/advisories/src-2018-0017/

Source: cve@mitre.org

Third Party Advisory

https://www.foxitsoftware.com/support/security-bulletins.php

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/bid/104300

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://srcincite.io/advisories/src-2018-0017/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.foxitsoftware.com/support/security-bulletins.php

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.