CVE-2018-3962 Information

Description

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the CreationDate property of the this.info object. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled visiting a malicious site can also trigger the vulnerability.

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Reference

http://www.securitytracker.com/id/1041769 https://talosintelligence.com/vulnerability_reports/TALOS-2018-0628 https://www.foxitsoftware.com/support/security-bulletins.php

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.3