CVE-2019-5126

CVSS 8.8 HIGHEPSS 3.5%CWE-416

Vexday Risk Score

21Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 8.8EPSS 3.5%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

16 ene 2020Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit PDF Reader, version 9.7.0.29435. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Productos afectados

n/a · Foxit

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://talosintelligence.com/vulnerability_reports/TALOS-2019-0915