CVE-2018-19448
 
Public Exploits: 0
Descriptions
In Foxit Reader SDK (ActiveX) Professional 5.4.0.1031, an uninitialized object in IReader_ContentProvider::GetDocEventHandler occurs when embedding the control into Office documents. By opening a specially crafted document, an attacker can trigger an out of bounds write condition, possibly leveraging this to gain remote code execution.
Timeline
- 2018-11-22 CVE Reserved
- 2019-06-17 CVE Published
- 2023-04-21 EPSS Updated
- 2024-08-05 CVE Updated
CWE
- CWE-787: Out-of-bounds Write
References (1)
URL | Date |
---|---|
https://www.foxitsoftware.com/support/security-bulletins.php | 2019-06-18 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Foxitsoftware | Foxit Pdf Sdk Activex | <= 5.5.0 | professional | Affected |
in: Microsoft | Windows | - | - | Safe |