Vulnerability Details CVE-2018-19444
A use after free in the TextBox field Validate action in IReader_ContentProvider can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031. An attacker can leverage this to gain remote code execution. Relative to CVE-2018-19452, this has a different free location and requires different JavaScript code for exploitation.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 55.6%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 6.8
References
Products affected by CVE-2018-19444
-
cpe:2.3:a:foxitsoftware:foxit_pdf_sdk_activex:5.4.0.1031
-
cpe:2.3:a:foxitsoftware:foxit_pdf_sdk_activex:5.5.0
-
cpe:2.3:o:microsoft:windows:-