CVE-2020-13548
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
In Foxit Reader 10.1.0.37527, a specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.
En Foxit Reader versión 10.1.0.37527, un documento PDF especialmente diseñado puede desencadenar la reutilización de la memoria previamente liberada, lo que puede conllevar a una ejecución de código arbitraria. Un atacante debe engañar al usuario a abrir el archivo malicioso para desencadenar esta vulnerabilidad. Si la extensión del plugin del navegador está habilitada, visitando un sitio malicioso también puede desencadenar la vulnerabilidad
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-05-26 CVE Reserved
- 2021-02-10 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- 2024-09-07 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-416: Use After Free
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://talosintelligence.com/vulnerability_reports/TALOS-2020-1166 | 2024-08-04 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Foxitsoftware Search vendor "Foxitsoftware" | Foxit Reader Search vendor "Foxitsoftware" for product "Foxit Reader" | 10.1.0.37527 Search vendor "Foxitsoftware" for product "Foxit Reader" and version "10.1.0.37527" | - |
Affected
| ||||||