CVE-2018-3843
Summary
| CVE | CVE-2018-3843 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-04-19 19:29:00 UTC |
| Updated | 2023-02-03 19:07:00 UTC |
| Description | An exploitable type confusion vulnerability exists in the way Foxit PDF Reader version 9.0.1.1049 parses files with associated file annotations. A specially crafted PDF document can lead to an object of invalid type to be dereferenced, which can potentially lead to sensitive memory disclosure, and possibly to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. |
Risk And Classification
Problem Types: CWE-704
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Foxitsoftware | Foxit Reader | 9.0.1.1049 | All | All | All |
| Application | Foxitsoftware | Foxit Reader | 9.0.1.1049 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Foxit Reader Multiple Remote Code Execution Vulnerabilities | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| TALOS-2018-0526 || Cisco Talos Intelligence Group - Comprehensive Threat Intelligence | MISC | www.talosintelligence.com | Third Party Advisory |
| Foxit Reader Multiple Flaws Let Remote Users Execute Arbitrary Code, Deny Service, and Obtain Potentially Sensitive Information - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.