CVE-2018-19444
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A use after free in the TextBox field Validate action in IReader_ContentProvider can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031. An attacker can leverage this to gain remote code execution. Relative to CVE-2018-19452, this has a different free location and requires different JavaScript code for exploitation.
Puede ocurrir un uso de memoria previamente liberada en la acción Validate en el campo TextBox en la función IReader_ContentProvider para archivos PDF especialmente creados en Foxit Reader SDK (ActiveX) Professional versión 5.4.0.1031. Un atacante puede explotar esto para obtener ejecución de código remota. En relación con CVE-2018-19452, esta tiene una asignación libre distinta y requiere un código JavaScript diferente para su explotación.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-11-22 CVE Reserved
- 2019-06-17 CVE Published
- 2023-12-14 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-416: Use After Free
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.foxitsoftware.com/support/security-bulletins.php | 2019-06-18 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Foxitsoftware Search vendor "Foxitsoftware" | Foxit Pdf Sdk Activex Search vendor "Foxitsoftware" for product "Foxit Pdf Sdk Activex" | <= 5.5.0 Search vendor "Foxitsoftware" for product "Foxit Pdf Sdk Activex" and version " <= 5.5.0" | professional |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|