← back
CVE-2018-3992

CVE-2018-3992

CVSS 8 HIGHEPSS 2.8%
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8EPSS 2.8%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
08 Oct 2018Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Affected products
Foxit Software · Foxit PDF Reader

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0660http://www.securitytracker.com/id/1041769