CVE-2018-9948

MEDIUM

Foxit PDF Reader Pointer Overwrite UAF

Title source: metasploit

Description

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of typed arrays. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5380.

Exploits (5)

nomisec WORKING POC 6 stars
by manojcode · poc
https://github.com/manojcode/Foxit-Reader-RCE-with-virualalloc-and-shellcode-for-CVE-2018-9948-and-CVE-2018-9958
nomisec WORKING POC
by orangepirate · poc
https://github.com/orangepirate/cve-2018-9948-9958-exp
exploitdb WORKING POC VERIFIED
by Metasploit · rubylocalwindows
https://www.exploit-db.com/exploits/45269
exploitdb WORKING POC VERIFIED
by mr_me · textremotewindows
https://www.exploit-db.com/exploits/44941
metasploit WORKING POC NORMAL
by mr_me, bit from meepwn, saelo, Jacob Robles · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/foxit_reader_uaf.rb

References (4)

Scores

CVSS v3 6.5
EPSS 0.8726
EPSS Percentile 99.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Classification

CWE
CWE-200 CWE-824
Status published

Affected Products (2)

foxitsoftware/foxit_reader < 9.0.1.1049
foxitsoftware/phantompdf < 9.0.1.1049

Timeline

Published May 17, 2018
Tracked Since Feb 18, 2026