CVE-2018-19448 Information

Description

In Foxit Reader SDK (ActiveX) Professional 5.4.0.1031 an uninitialized object in IReader_ContentProvider::GetDocEventHandler occurs when embedding the control into Office documents. By opening a specially crafted document an attacker can trigger an out of bounds write condition possibly leveraging this to gain remote code execution.

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Reference

https://www.foxitsoftware.com/support/security-bulletins.php

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.8