CVE-2018-9951

HIGH

Foxit Reader < 9.0.1.1049 - Remote Code Execution via CPDF_Object Use-After-Free

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-9951. PoCs published by sandi-go.

AI-analyzed exploit summary This repository contains a writeup describing a use-after-free vulnerability in Foxit Reader and PhantomPDF, which can lead to remote code execution. The vulnerability is triggered by improper validation of CPDF_Object objects.

Description

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of CPDF_Object objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5414.

Exploits (1)

nomisec WRITEUP

by sandi-go · poc

https://github.com/sandi-go/cve-2018-9951

View Code ZIP pw:eip

This repository contains a writeup describing a use-after-free vulnerability in Foxit Reader and PhantomPDF, which can lead to remote code execution. The vulnerability is triggered by improper validation of CPDF_Object objects.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Theoretical

Target: Foxit Reader 8.3.5.30351 and prior, Foxit PhantomPDF 8.3.5.30351 and prior

No auth needed

Prerequisites: Target must open a malicious file or visit a malicious page

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Patch, Vendor Advisory x_refsource_confirm

https://www.foxitsoftware.com/support/security-bulletins.php

Third Party Advisory, VDB Entry x_refsource_misc

https://zerodayinitiative.com/advisories/ZDI-18-335

Scores

CVSS v3 8.8

EPSS 0.0484

EPSS Percentile 90.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-416

Status published

Products (2)

foxitsoftware/foxit_reader < 9.0.1.1049

foxitsoftware/phantompdf < 9.0.1.1049

Published May 17, 2018

Tracked Since Feb 18, 2026