Описание
A command injection can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031 when the JavaScript API app.launchURL is used. An attacker can leverage this to gain remote code execution.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 5.5.0 (включая)
Одновременно
cpe:2.3:a:foxitsoftware:foxit_pdf_sdk_activex:*:*:*:*:professional:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
EPSS
Процентиль: 70%
0.00631
Низкий
7.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-77
Связанные уязвимости
CVSS3: 7.8
github
больше 3 лет назад
A command injection can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031 when the JavaScript API app.launchURL is used. An attacker can leverage this to gain remote code execution.
EPSS
Процентиль: 70%
0.00631
Низкий
7.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-77