CVE-2018-3843 - An exploitable type confusion vulnerability exists in the way Foxit PDF Reader version 9.0.1.1049 pa

CVE-2018-3843

Summary

An exploitable type confusion vulnerability exists in the way Foxit PDF Reader version 9.0.1.1049 parses files with associated file annotations. A specially crafted PDF document can lead to an object of invalid type to be dereferenced, which can potentially lead to sensitive memory disclosure, and possibly to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.

References

Vulnerable Configurations

cpe:2.3:a:foxitsoftware:foxit_reader:9.0.1.1049:*:*:*:*:*:*:*
cpe:2.3:a:foxitsoftware:foxit_reader:9.0.1.1049:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 03-02-2023 - 19:07)
Impact:
Exploitability:

CWE

CWE-704

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

bid	103942
misc	https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0526
sectrack	1040733

Last major update

03-02-2023 - 19:07

Published

19-04-2018 - 19:29

Last modified

03-02-2023 - 19:07