CVE-2018-19448

Опубликовано: 17 июн. 2019

Источник: nvd

CVSS3: 7.8

CVSS2: 6.8

EPSS Низкий

Описание

In Foxit Reader SDK (ActiveX) Professional 5.4.0.1031, an uninitialized object in IReader_ContentProvider::GetDocEventHandler occurs when embedding the control into Office documents. By opening a specially crafted document, an attacker can trigger an out of bounds write condition, possibly leveraging this to gain remote code execution.

Ссылки

https://www.foxitsoftware.com/support/security-bulletins.php
Patch
Vendor Advisory
https://www.foxitsoftware.com/support/security-bulletins.php
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:foxitsoftware:foxit_pdf_sdk_activex:*:*:*:*:professional:*:*:*

Версия до 5.5.0 (включая)

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

EPSS

Процентиль: 58%

0.00361

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-787

Связанные уязвимости

GHSA-g7p5-r9hg-fxmh