CVE-2018-19446

CWE-732Incorrect Permission Assignment3 documents3 sources
Severity
7.8HIGH
EPSS
0.4%
top 42.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Foxitsoftware Foxit PDF SDK Activex
Timeline
PublishedJun 17
Latest updateMay 24

Description

A File Write can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031 when the JavaScript API Doc.createDataObject is used. An attacker can leverage this to gain remote code execution.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

Patches

Patch: www.foxitsoftware.comPatch: www.foxitsoftware.com

🔴Vulnerability Details

2
GHSA
GHSA-3x6x-hm66-23q2: A File Write can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 52022-05-24
CVEList
CVE-2018-19446: A File Write can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 52019-06-17
CVE-2018-19446 (HIGH CVSS 7.8) | A File Write can occur for speciall | cvebase.io