Use-After-Free Vulnerability in Foxit PDF Reader 9.0.1.1049 Allows Arbitrary Code Execution

Use-After-Free Vulnerability in Foxit PDF Reader 9.0.1.1049 Allows Arbitrary Code Execution

CVE-2018-3850 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

An exploitable use-after-free vulnerability exists in the JavaScript engine Foxit Software Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If a browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.

Learn more about our User Device Pen Test.