CVE-2018-3842

HIGH

Foxit PDF Reader <9.0.1.1049 - RCE

Title source: llm

Description

An exploitable use of an uninitialized pointer vulnerability exists in the JavaScript engine in Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can lead to a dereference of an uninitialized pointer which, if under attacker control, can result in arbitrary code execution. An attacker needs to trick the user to open a malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.

References (3)

[Broken Link, Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1040733

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/103942

[Exploit, Third Party Advisory] https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0525

Scores

CVSS v3 8.8

EPSS 0.0411

EPSS Percentile 88.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-824

Status published

Products (1)

foxitsoftware/foxit_reader 9.0.1.1049

Published Apr 19, 2018

Tracked Since Feb 18, 2026